{"id":26960,"date":"2019-04-24T18:06:00","date_gmt":"2019-04-24T18:06:00","guid":{"rendered":"https:\/\/www.threatshub.org\/blog\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics\/"},"modified":"2019-04-24T18:06:00","modified_gmt":"2019-04-24T18:06:00","slug":"cisco-dnspionage-attack-adds-new-tools-morphs-tactics","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics\/","title":{"rendered":"Cisco: DNSpionage attack adds new tools, morphs tactics"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/images.idgesg.net\/images\/article\/2019\/02\/cyber_attack_threat_danger_breach_hack_security_by_calvindexter_gettyimages-860363294_2400x800-100788395-large.3x2.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>The group behind the Domain Name System attacks known as DNSpionage have upped their dark actions with new tools and malware to focus their attacks and better hide their activities.&nbsp;<\/p>\n<p>Cisco Talos security researchers, who discovered <a href=\"https:\/\/blog.talosintelligence.com\/2018\/11\/dnspionage-campaign-targets-middle-east.html\" rel=\"nofollow\">DNSpionage<\/a> in November, this week warned of new exploits and capabilities of the nefarious campaign.<\/p>\n<aside class=\"fakesidebar\">\n<p><strong>More about DNS:<\/strong><\/p>\n<\/aside>\n<p>\u201cThe threat actor&#8217;s ongoing development of DNSpionage malware shows that the attacker continues to find new ways to avoid detection. DNS tunneling is a popular method of exfiltration for some actors and recent examples of DNSpionage show that we must ensure DNS is monitored as closely as an organization&#8217;s normal proxy or weblogs,\u201d <a href=\"https:\/\/blog.talosintelligence.com\/2019\/04\/dnspionage-brings-out-karkoff.html\" rel=\"nofollow\">Talos wrote<\/a>.&nbsp; &nbsp;\u201cDNS is essentially the phonebook of the internet, and when it is tampered with, it becomes difficult for anyone to discern whether what they are seeing online is legitimate.\u201d<\/p>\n<p>In Talos\u2019 initial report, researchers said a DNSpionage campaign targeted various businesses in the Middle East as well as United Arab Emirates government domains. It also utilized two malicious websites containing job postings that were used to compromise targets via crafted Microsoft Office documents with embedded macros. The malware supported HTTP and DNS communication with the attackers.<\/p>\n<p>In a separate DNSpionage campaign, the attackers used the same IP address to redirect the DNS of legitimate .gov and private company domains. During each DNS compromise, the actor carefully generated \u201cLet&#8217;s Encrypt\u201d certificates for the redirected domains. These certificates provide X.509 certificates for <a href=\"https:\/\/www.networkworld.com\/article\/2303073\/lan-wan-what-is-transport-layer-security-protocol.html\">Transport Layer Security (TLS)<\/a> free of charge to the user, Talos said.<\/p>\n<p>This week Cisco said DNSpionage actors have created a new remote administrative tool that supports HTTP and DNS communication with the attackers&#8217; command and control (C2).<\/p>\n<aside class=\"nativo-promo nativo-promo-1 smartphone\" id><\/aside>\n<p>\u201cIn our previous post concerning DNSpionage, we showed that the malware author used malicious macros embedded in a Microsoft Word document. In the new sample from Lebanon identified at the end of February, the attacker used an Excel document with a similar macro.\u201d<\/p>\n<aside id=\"fsb-2599\" class=\"fakesidebar fakesidebar-auto fakesidebar-sponsored\"><strong>[ <a href=\"https:\/\/pluralsight.pxf.io\/c\/321564\/424552\/7490?u=https%3A%2F%2Fwww.pluralsight.com%2Fpaths%2Fcertified-information-systems-security-professional-cisspr\" rel=\"nofollow\">Prepare to become a Certified Information Security Systems Professional with this comprehensive online course from PluralSight. Now offering a 10-day free trial!<\/a> ]<\/strong><\/aside>\n<p>Talos wrote: \u201cThe malware supports HTTP and DNS communication to the C2 server. The HTTP communication is hidden in the comments in the HTML code. This time, however, the C2 server mimics the GitHub platform instead of Wikipedia. While the DNS communication follows the same method we described in our previous article, the developer added some new features in this latest version and, this time, the actor removed the debug mode.\u201d<\/p>\n<aside class=\"nativo-promo nativo-promo-1 tablet desktop\" id><\/aside>\n<p>Talos added that the domain used for the C2 campaign is \u201cbizarre.\u201d<\/p>\n<p>\u201cThe previous version of DNSpionage attempted to use legitimate-looking domains in an attempt to remain undetected. However, this newer version uses the domain \u2018coldfart[.]com,\u2019 which would be easier to spot than other APT campaigns which generally try to blend in with traffic more suitable to enterprise environments. The domain was also hosted in the U.S., which is unusual for any espionage-style attack.\u201d<\/p>\n<p>Talos researchers said they discovered that DNSpionage added a reconnaissance phase, that &nbsp;ensures the payload is being dropped on specific targets rather than indiscriminately downloaded on every machine.<\/p>\n<p>This level of attack also returns information about the workstation environment, including platform-specific information, the name of the domain and the local computer, and information concerning the operating system, Talos wrote. This information is key to helping the malware select the victims only and attempts to avoid researchers or sandboxes. Again, it shows the actor&#8217;s improved abilities, as they now fingerprint the victim.<\/p>\n<aside class=\"nativo-promo nativo-promo-2 tablet desktop smartphone\" id><\/aside>\n<p>This new tactic indicates an improved level of sophistication and is likely in response to the significant amount of public interest in the campaign.<\/p>\n<p>Talos noted that there have been several other public reports of DNSpionage attacks, and in January, the U.S. Department of Homeland Security issued an <a href=\"https:\/\/www.us-cert.gov\/ncas\/alerts\/AA19-024A\" rel=\"nofollow\">alert<\/a> warning users about this threat activity.<\/p>\n<p>\u201cIn addition to increased reports of threat activity, we have also discovered new evidence that the threat actors behind the DNSpionage campaign continue to change their tactics, likely in an attempt to improve the efficacy of their operations,\u201d Talos stated.<\/p>\n<p>In April, Cisco Talos identified an undocumented malware developed in .NET. On the analyzed samples, the malware author left two different internal names in plain text: &#8220;DropperBackdoor&#8221; and &#8220;Karkoff.&#8221;<\/p>\n<p>\u201cThe malware is lightweight compared to other malware due to its small size and allows remote code execution from the C2 server. There is no obfuscation and the code can be easily disassembled,\u201d Talos wrote.&nbsp;<\/p>\n<p>The Karkoff malware searches for two specific anti-virus platforms: Avira and Avast and will work around them.<\/p>\n<p>\u201cThe discovery of Karkoff also shows the actor is pivoting and is increasingly attempting to avoid detection while remaining very focused on the Middle Eastern region,\u201d Talos wrote.<\/p>\n<p>Talos distinguished DNSpionage from another DNS attack method, \u201c<a href=\"https:\/\/www.networkworld.com\/article\/3389747\/cisco-talos-details-exceptionally-dangerous-dns-hijacking-attack.html\">Sea Turtle<\/a>\u201d, it detailed this month.&nbsp; Sea Turtle involves state-sponsored attackers that are abusing DNS to target organizations and harvest credentials to gain access to sensitive networks and systems in a way that victims are unable to detect. This displays unique knowledge about how to manipulate DNS, Talos stated.<\/p>\n<p>By obtaining control of victims\u2019 DNS, attackers can change or falsify any data victims receive from the Internet, illicitly modify DNS name records to point users to actor-controlled servers and users visiting those sites would never know, Talos reported.&nbsp;<\/p>\n<p>&nbsp;\u201cWhile this incident is limited to targeting primarily national security organizations in the Middle East and North Africa, and we do not want to overstate the consequences of this specific campaign, we are concerned that the success of this operation will lead to actors more broadly attacking the global DNS system,\u201d Talos stated about Sea Turtle.&nbsp;&nbsp;<\/p>\n<div class=\"end-note\">\n<div id class=\"blx blxParticleendnote blxM2005 blox4_html blxC23909\">Join the Network World communities on <a href=\"https:\/\/www.facebook.com\/NetworkWorld\/\" target=\"_blank\">Facebook<\/a> and <a href=\"https:\/\/www.linkedin.com\/company\/network-world\" target=\"_blank\">LinkedIn<\/a> to comment on topics that are top of mind.<\/div>\n<\/div>\n<p>READ MORE <a href=\"https:\/\/www.networkworld.com\/article\/3390666\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics.html#tk.rss_security\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>\nThe group behind the Domain Name System attacks known as DNSpionage have upped their dark actions with new tools and malware to focus their attacks and better hide their activities.\u00a0Cisco Talos security researchers, who discovered DNSpionage in November, this week warned of new exploits and capabilities of the nefarious campaign.<br \/>\nMore about DNS:<br \/>\n DNS in the cloud: Why and why not<br \/>\n DNS over HTTPS seeks to make internet use more private<br \/>\n How to protect your infrastructure from DNS cache poisoning<br \/>\n ICANN housecleaning revokes old DNS security key <\/p>\n<p>\u201cThe threat actor&#8217;s ongoing development of DNSpionage malware shows that the attacker continues to find new ways to avoid detection. DNS tunneling is a popular method of exfiltration for some actors and recent examples of DNSpionage show that we must ensure DNS is monitored as closely as an organization&#8217;s normal proxy or weblogs,\u201d Talos wrote.\u00a0 \u00a0\u201cDNS is essentially the phonebook of the internet, and when it is tampered with, it becomes difficult for anyone to discern whether what they are seeing online is legitimate.\u201dTo read this article in full, please click here READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":26961,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[738],"tags":[307],"class_list":["post-26960","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-networkworld","tag-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Cisco: DNSpionage attack adds new tools, morphs tactics 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Cisco: DNSpionage attack adds new tools, morphs tactics 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2019-04-24T18:06:00+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/04\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"800\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"Cisco: DNSpionage attack adds new tools, morphs tactics\",\"datePublished\":\"2019-04-24T18:06:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics\\\/\"},\"wordCount\":980,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/04\\\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics.jpg\",\"keywords\":[\"Security\"],\"articleSection\":[\"Networkworld\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics\\\/\",\"name\":\"Cisco: DNSpionage attack adds new tools, morphs tactics 2026 | ThreatsHub Cybersecurity News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/04\\\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics.jpg\",\"datePublished\":\"2019-04-24T18:06:00+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/04\\\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2019\\\/04\\\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics.jpg\",\"width\":1200,\"height\":800},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/security\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"Cisco: DNSpionage attack adds new tools, morphs tactics\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Cisco: DNSpionage attack adds new tools, morphs tactics 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics\/","og_locale":"en_US","og_type":"article","og_title":"Cisco: DNSpionage attack adds new tools, morphs tactics 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2019-04-24T18:06:00+00:00","og_image":[{"width":1200,"height":800,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/04\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Cisco: DNSpionage attack adds new tools, morphs tactics","datePublished":"2019-04-24T18:06:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics\/"},"wordCount":980,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/04\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics.jpg","keywords":["Security"],"articleSection":["Networkworld"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics\/","url":"https:\/\/www.threatshub.org\/blog\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics\/","name":"Cisco: DNSpionage attack adds new tools, morphs tactics 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/04\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics.jpg","datePublished":"2019-04-24T18:06:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/04\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2019\/04\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics.jpg","width":1200,"height":800},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/cisco-dnspionage-attack-adds-new-tools-morphs-tactics\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/www.threatshub.org\/blog\/tag\/security\/"},{"@type":"ListItem","position":3,"name":"Cisco: DNSpionage attack adds new tools, morphs tactics"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/26960","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=26960"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/26960\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/26961"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=26960"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=26960"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=26960"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}