Posts tagged with: DNS

We have observed an attack led by the APT group Wekby targeting a US-based organization in recent weeks. Wekby is a group that has been active for a number of years, targeting various industries such as healthcare, telecommunications, aerospace, defense, and high tech. The group is known to leverage recently released exploits very shortly after

One of our team members on Unit 42 recently received a phone call from a scammer, and today being April Fool’s Day we decided to write about how we played along with the scammer to learn about his operation. Unit 42 analyst Robert received a phone call from a Tech Support scammer who told him

This is the second part of our series on “connecting the dots,” where we investigate ways to link attacks together to gain a better understanding of how they are related. In Part 1, we looked at how domain WHOIS information can be used to identify connections between malicious domains and potentially the actors who own