Hackers often abuse DNS and ICMP tunneling to covertly transmit data and bypass network security measures.
Both protocols, which poorly protected firewalls often leave enabled, can be manipulated to create hidden communication routes for transferring sensitive data out or creating entry points for unauthorized users.
This evasion technique enables threat actors to maintain persistence and avoid detection within compromised networks.
Positive Technologies researchers recently discovered that ExCobalt’s new tool, GoRed, uses DNS and ICMP tunneling for C2 server communication.
GoRed Using DNS & ICMP Tunneling
ExCobalt, a group of cyber criminals likely to be an extension of Cobalt, notoriously known for attacks on financial institutions,…