New Lumen research reveals previously unseen Qakbot infrastructure

Retrieved on: 
Thursday, June 1, 2023

DENVER, June 1, 2023 /PRNewswire/ -- Black Lotus Labs, the threat research arm of Lumen Technologies (NYSE: LUMN), has used Lumen's proprietary global telemetry to monitor Qakbot – a potent malware/ransomware distribution network – for years. Today the team announced new research into the advanced techniques the botnet uses to propagate and evade detection.

Key Points: 
  • "Qakbot remains a pervasive threat that continues to leverage its infected hosts in previously unknown ways," said Mark Dehus, director of threat intelligence for Lumen Black Lotus Labs.
  • "Our team discovered previously unseen infrastructure used to reallocate existing bots for additional functions. The discovery of this sophisticated backend control infrastructure shows that Qakbot has reached a very concerning level of maturity."
  • As a result of this research, Black Lotus Labs null-routed the higher-tier infrastructure, limiting Qakbot's ability to impact Lumen's customers and the internet as a whole.

Lumen discovers new malware that targeted home-office routers for two years

Retrieved on: 
Tuesday, June 28, 2022

DENVER, June 28, 2022 /PRNewswire/ -- Black Lotus Labs, the threat intelligence arm of Lumen Technologies (NYSE: LUMN), today announced that it discovered a new remote access trojan (RAT) called ZuoRAT, which targets remote workers via their small office/home office (SOHO) devices. It is part of a complex campaign that went undetected for nearly two years. The tactics, techniques and procedures (TTPs) that analysts observed are highly sophisticated and bear the markings of what is likely a nation-state threat actor.

Key Points: 
  • ZuoRAT targets remote workers via their home routers and is part of a complex, potentially nation-state campaign.
  • To help mitigate the threat, they should ensure patch planning includes routers, and confirm these devices are running the latest software available.
  • Using proprietary telemetry from the Lumen global IP backbone, Black Lotus Labs identified that, once infected, the routers communicated with other compromised routers to further obfuscate malicious activity.

Prevailion Launches ARKTOS, a Malware Replication Platform for Network Security Validation

Retrieved on: 
Wednesday, April 20, 2022

Prevailion, a global leader in Compromise Breach Monitoring™, announces the official launch of ARKTOS, the first malware replication platform that allows companies to safely test their network security readiness against the world's most challenging early-stage malware.

Key Points: 
  • Sophisticated network intrusions often begin with a precursor, or initial access, malware like AnchorDNS.
  • Even with the best network security and monitoring tools in place, many companies still fail to detect precursor attacks.
  • ARKTOS's Malware Replication Profiles are based on the complex network behavior of real APT and commodity malware, including:
      • Callback frequency and initiation policy (round-robin, random, user activity triggered, etc.)

Lumen Q3 DDoS research reveals increases in quantity, size and complexity of attacks

Retrieved on: 
Tuesday, November 16, 2021

DENVER, Nov. 16, 2021 /PRNewswire/ -- Data from the Lumen Technologies Q3 DDoS Report, released today, reveals that three fundamental metrics of DDoS attacks (quantity, size and complexity) all increased in the third quarter of 2021.

Key Points: 
  • The longest DDoS attack period Lumen mitigated for an individual customer lasted 14 days.
  • Attack sizes in the Lumen Q3 DDoS Report reflect the largest attacks scrubbed by Lumen's global DDoS scrubbing infrastructure, rather than the largest attacks observed transiting or being scrubbed by the Lumen network.
  • Learn how organizations currently under attack can turn up DDoS mitigation in minutes with Lumen DDoS Hyper.