All news with #dns hijacking tag

EdgeStepper Backdoor Reroutes DNS to Hijack Updates

🔒 ESET researchers disclosed a Go-based network backdoor dubbed EdgeStepper, used by the China-aligned actor PlushDaemon to reroute DNS queries and enable adversary-in-the-middle (AitM) attacks. EdgeStepper forces update-related DNS lookups to attacker-controlled nodes, delivering a malicious DLL that stages additional components. The chain targets update mechanisms for Chinese applications including Sogou Pinyin and ultimately fetches the SlowStepper backdoor to exfiltrate data.

Domain-Based Attacks Will Continue to Wreak Havoc Globally

🔒 Domain-based attacks that exploit DNS and registered domains are rising in frequency and sophistication, driven heavily by AI. Attackers increasingly blend website spoofing, email domain impersonation, subdomain hijacking, DNS tunnelling and automated domain-generation (DGAs) to scale campaigns and evade detection. Many proven protections—Registry Lock, DNSSEC, DNS redundancy and active domain monitoring—remain underused, leaving organizations exposed. Security teams should adopt preemptive scanning, layered DNS controls, strict asset ownership and employee training to limit impact.