Caute_cautim
Community Champion

Hive0051’s large scale malicious operations using standard DNS Fluxing or Fast Fluxing

Hi All
Fascinating breakdown on this threat and how it works.
Standard DNS fluxing or fast-fluxing is a technique threat actors use to rapidly rotate infrastructure by regularly changing the IP address their C2 domain points to in public DNS records. Hive0051 has adopted the novel use of multiple channels to store DNS records as opposed to a traditional DNS record configuration. In this methodology, public Telegram channels and Telegraph sites are essentially used as DNS servers and are fluxed in synchrony together with the DNS records. This enables Hive0051 to fall back to secondary channels in order to resolve the currently active C2 server, should the domain be blocked via any of the other channels.
https://securityintelligence.com/x-force/hive0051-malicious-operations-enabled-dns-fluxing/
Regards
Caute_Cautim
0 Replies
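The post describes the classic half of this technique: a C2 domain whose A record is re-pointed at a new IP every few minutes. From the defender's side, that pattern is visible in passive-DNS or resolver logs as a domain with a short TTL, many distinct IPs in a short window, and those IPs spread across unrelated network prefixes (a CDN also rotates IPs, but usually within its own ranges). The following is an added example, written for this thread and not code from the original post or from the IBM X-Force article, showing such a heuristic over a constructed log excerpt. The log format (`timestamp qname rrtype ttl rdata`), the domain names, the RFC 5737 test addresses and the thresholds are all assumptions chosen for illustration.

```python
"""Heuristic fast-flux detector over passive-DNS style resolution records.

Added example for this thread; the log format, domains, addresses and
thresholds below are constructed for illustration, not taken from the
original post or the X-Force report it links to.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone
from typing import Dict, List, NamedTuple

# Constructed sample resolver log: "<utc timestamp> <qname> <rrtype> <ttl> <rdata>".
# - update.c2-example.test: low TTL, six IPs across three unrelated /24s (flux-like)
# - www.cdn-example.test:   low TTL, five IPs but all inside one /24 (CDN-like)
# - mail.example.test:      long TTL, one stable IP
SAMPLE_LOG = """\
2024-05-01T10:00:00Z update.c2-example.test A 60 203.0.113.10
2024-05-01T10:20:00Z update.c2-example.test A 60 198.51.100.23
2024-05-01T10:45:00Z update.c2-example.test A 60 192.0.2.77
2024-05-01T11:10:00Z update.c2-example.test A 60 203.0.113.201
2024-05-01T11:40:00Z update.c2-example.test A 60 198.51.100.140
2024-05-01T12:05:00Z update.c2-example.test A 60 192.0.2.9
2024-05-01T10:00:00Z www.cdn-example.test A 30 192.0.2.100
2024-05-01T10:05:00Z www.cdn-example.test A 30 192.0.2.101
2024-05-01T10:10:00Z www.cdn-example.test A 30 192.0.2.102
2024-05-01T10:15:00Z www.cdn-example.test A 30 192.0.2.103
2024-05-01T10:20:00Z www.cdn-example.test A 30 192.0.2.104
2024-05-01T10:00:00Z mail.example.test A 3600 198.51.100.5
2024-05-01T16:00:00Z mail.example.test A 3600 198.51.100.5
2024-05-01T10:00:00Z example.test MX 3600 mail.example.test
"""


class Resolution(NamedTuple):
    ts: datetime
    qname: str
    ttl: int
    rdata: str


def parse_log(text: str) -> List[Resolution]:
    """Parse the constructed log format, keeping only A records."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, qname, rrtype, ttl, rdata = line.split()
        if rrtype != "A":
            continue  # fluxing re-points A records; other types are ignored here
        when = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        records.append(Resolution(when, qname.lower().rstrip("."), int(ttl), rdata))
    return records


def slash24(ip: str) -> str:
    """Coarse prefix bucket: fluxed IPs typically span many unrelated /24s."""
    return ".".join(ip.split(".")[:3]) + ".0/24"


def fast_flux_candidates(
    records: List[Resolution],
    window: timedelta = timedelta(hours=24),
    min_ips: int = 5,
    min_prefixes: int = 3,
    max_ttl: int = 300,
) -> Dict[str, dict]:
    """Return domains whose busiest window shows short TTLs plus high IP and prefix churn."""
    by_domain: Dict[str, List[Resolution]] = defaultdict(list)
    for r in records:
        by_domain[r.qname].append(r)

    flagged: Dict[str, dict] = {}
    for domain, recs in by_domain.items():
        recs.sort(key=lambda r: r.ts)
        best = None
        # Slide a window over each record as a start point and keep the
        # window with the most distinct IPs for this domain.
        for i, start in enumerate(recs):
            in_window = [r for r in recs[i:] if r.ts - start.ts <= window]
            ips = {r.rdata for r in in_window}
            prefixes = {slash24(ip) for ip in ips}
            summary = {
                "window_start": start.ts.isoformat(),
                "unique_ips": len(ips),
                "unique_prefixes": len(prefixes),
                "min_ttl": min(r.ttl for r in in_window),
            }
            if best is None or summary["unique_ips"] > best["unique_ips"]:
                best = summary
        if (
            best["unique_ips"] >= min_ips
            and best["unique_prefixes"] >= min_prefixes
            and best["min_ttl"] <= max_ttl
        ):
            flagged[domain] = best
    return flagged


if __name__ == "__main__":
    for domain, info in fast_flux_candidates(parse_log(SAMPLE_LOG)).items():
        print(f"{domain}: {info}")
```

The prefix-diversity check is what keeps the CDN-like domain out of the result: it rotates as many IPs as the fluxing domain, but all inside one network. Thresholds are illustrative and should be tuned against the resolver's normal traffic. The other half of what the post describes, resolving the current C2 address from Telegram channels and Telegraph pages, never touches the victim's DNS logs at all, so a resolver-side heuristic like this has to be paired with monitoring of outbound connections to those services from hosts that have no business reason to reach them.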