Common Information
| Type | Value |
| --- | --- |
| Value | DNS Server - T1584.002 |
| Category | Attack-Pattern |
| Type | Mitre-Attack-Pattern |
| Misp Type | Cluster |
| Description | Adversaries may compromise third-party DNS servers that can be used during targeting. During post-compromise activity, adversaries may utilize DNS traffic for various tasks, including for Command and Control (ex: [Application Layer Protocol](https://attack.mitre.org/techniques/T1071)). Instead of setting up their own DNS servers, adversaries may compromise third-party DNS servers in support of operations. By compromising DNS servers, adversaries can alter DNS records. Such control can allow for redirection of an organization's traffic, facilitating Collection and Credential Access efforts for the adversary.(Citation: Talos DNSpionage Nov 2018)(Citation: FireEye DNS Hijack 2019) Additionally, adversaries may leverage such control in conjunction with [Digital Certificates](https://attack.mitre.org/techniques/T1588/004) to redirect traffic to adversary-controlled infrastructure, mimicking normal trusted network communications.(Citation: FireEye DNS Hijack 2019)(Citation: Crowdstrike DNS Hijack 2019) Adversaries may also be able to silently create subdomains pointed at malicious servers without tipping off the actual owner of the DNS server.(Citation: CiscoAngler)(Citation: Proofpoint Domain Shadowing) |
| Published | Attributes | CTI Title |
| --- | --- | --- |
| 2023-10-23 | 3 | How an AppleTV may take down your (#IPv6) network - SANS Internet Storm Center |
| 2023-10-20 | 4 | What Is a DNS Server? Definition, Purpose, Types of DNS Servers, and Their Safety |
| 2023-10-17 | 1 | 6 Common Phishing Attacks and How to Protect Against Them |
| 2023-10-12 | 7 | What Is DNS? Definition, How It Works Step-by-Step, Security |
| 2023-10-05 | 4 | Dancing the night away with named pipes - PIPEDANCE client release — Elastic Security Labs |
| 2023-10-02 | 7 | 90s Vulns In 90s Software (Exim) - Is the Sky Falling? |
| 2023-09-29 | 2 | Internet Egress Security Architecture for AWS Workloads \| Part 2 - Isolated VPCs |
| 2023-09-21 | 0 | Protecting Uptime Everytime - The Importance of DNS DDoS Defense \| Infoblox |
| 2023-09-21 | 1 | IoT threats in 2023 |
| 2023-09-19 | 0 | Why DNS Protection Should Be A Crucial Part In Building Cyber Defense |
| 2023-09-18 | 20 | Ransomware Redefined: RedEnergy Stealer-as-a-Ransomware attacks |
| 2023-09-07 | 4 | Zero Day Initiative — Looking at the ChargePoint Home Flex Threat Landscape |
| 2023-09-07 | 2 | Defending Your Local DNS Infrastructure Is Critical. \| NETSCOUT |
| 2023-09-01 | 0 | Understanding Malicious Package Attacks and Defense Strategies for Robust Cybersecurity |
| 2023-08-29 | 9 | What's in a name? Strange behaviors at top-level domains creates uncertainty in DNS |
| 2023-08-28 | 42 | Kaspersky Lab’s technical analysis of Lockbit v3 Builder |
| 2023-08-24 | 18 | VexTrio Deploys DNS-based TDS Server |
| 2023-08-22 | 7 | Hitachi Energy AFF66x \| CISA |
| 2023-08-12 | 0 | Portmaster: Privacy Oriented Firewall |
| 2023-08-12 | 26 | Internet Storm Center Diary 2023-08-12 - SANS Internet Storm Center |
| 2023-08-11 | 2 | Researchers Uncover Years-Long Cyber Espionage on Foreign Embassies in Belarus |
| 2023-08-11 | 0 | The Ultimate Anonymous On Internet |
| 2023-08-10 | 57 | From Google DNS to Tech Support Scam Sites: Unmasking the Malware Trail |
| 2023-08-10 | 4 | TunnelCrack vulnerabilities in VPN clients |
| 2023-08-09 | 12 | Malware Analysis & Network Forensics — HawkEye |