"The actors behind this campaign have focused on using DNS hijacking as a mechanism for achieving their ultimate objectives," the five researchers said. "DNS hijacking occurs when the actor can illicitly modify DNS name records to point users to actor-controlled servers." In most cases, threat actors typically stop or slow down their activities once their campaigns are publicly revealed." "The threat actors also used an interesting technique called certificate impersonation. They said the threat actors were able to maintain long-term persistent access to many of these networks by using compromised credentials.
Source: The North Africa Journal April 17, 2019 22:41 UTC