Detour Dog linked to Strela Stealer distribution campaigns via DNS-controlled domains

Source: The Hacker News

Infoblox has been tracking the Detour Dog threat actor since August 2023. Detour Dog is tied to ongoing campaigns distributing Strela Stealer, an information stealer designed to exfiltrate sensitive data from compromised systems. The attacker controls the DNS domains that host the initial stage of the malware, a backdoor named StarFish, which establishes a foothold in targeted networks.

The DNS-based infrastructure managed by Detour Dog poses a risk because it enables stealthy communication and command and control for the malware. This setup complicates traditional detection methods and allows persistent access to victim systems. The identification of this infrastructure highlights the evolving tactics threat actors use to bypass security controls.

The implications of Detour Dog’s activity are significant for cybersecurity defenses, emphasizing the need for enhanced DNS monitoring and threat intelligence. Understanding such threat actor infrastructure aids in disrupting distribution channels and mitigating information theft risks associated with Strela Stealer campaigns.
