BotNet News

Your source for Online Security News

Cyberthreat News delivers the latest cybersecurity news and analysis from some of the world’s most innovative global companies. Our partners help protect people, businesses, and the digital economy from sophisticated threats and attacks. We share content, establish partnerships, and promote policies that enhance the security and resilience of our digital ecosystem.

Threat actor Detour Dog has been spotted maintaining control of DNS TXT records used to redirect site visitors to a variety of scams and malware downloads. Infoblox says it’s been tracking the actor since August 2023, when GoDaddy-owned Sucuri reported attacks that embedded malicious JavaScript in WordPress sites, which then redirected users to sketchy sites and malware.

The long-running hacking group Confucius has targeted government agencies, military organizations, defense contractors, and critical infrastructure across South Asia in recent campaigns, using phishing and malicious documents as initial access vectors. Now, the threat actors appear to be leveraging a Python-based backdoor called Anondoor in those campaigns, signaling an evolution in their tooling and technical agility.

Mandiant has spotted a new cluster of activity possibly linked to a financially motivated threat actor stealing data from Oracle E-Business Suite databases. The attackers are sending extortion emails to executives at a wide range of organizations, demanding ransom payments in exchange for unlocking encrypted files.