‘Karkoff’ Is the New ‘DNSpionage’ With Selective Targeting Strategy

The cybercriminal organization responsible for the infamous DNSpionage malware campaign has been discovered running a new, sophisticated operation that infects select victims with a new DNSpionage variant.

DNSpionage is a custom remote administrative tool that uses HTTP and DNS communication to communicate with the attacker-controlled command and control server. It was discovered for the first time in November of last year.

According to a new report by Cisco’s Talos threat research team, the group has adopted new tactics, techniques, and procedures to increase the effectiveness of its operations, making its cyber attacks more targeted, organized, and sophisticated.

In contrast to previous campaigns, attackers have begun conducting reconnaissance on their victims before infecting them with a new piece of malware dubbed Karkoff, allowing them to choose which targets to infect selectively to remain undetected.

The researchers state, “We identified infrastructure overlaps in the DNSpionage and Karkoff cases.”

During the Reconnaissance phase, attackers collect system information regarding the victim’s workstation environment, operating system, domain, and list of running processes.

“The malware searches for the Avira and Avast anti-virus programs. If one of these security products is identified as installed on the system during the reconnaissance phase, a specific flag will be set and certain configuration file options will be ignored “researchers state.

Developed in.NET, Karkoff enables remote code execution on compromised hosts from an attacker’s command and control server. Earlier this month, Cisco Talos identified Karpoff as undocumented malware.

What is interesting is that the Karkoff malware generates a log file containing a list of all commands it has executed along with a timestamp on the victim’s system.

The researchers explain, “This log file can be easily used to generate a timeline of command execution, which can be extremely useful when responding to this type of threat.”

“As a result, an organization infected with this malware would be able to review the log file and identify the commands executed against them.”

Similar to the previous DNSpionage campaign, the most recent attacks target the Middle East, including Lebanon and the United Arab Emirates (UAE).

In addition to disabling macros and employing trustworthy antivirus software, you should remain vigilant and educate yourself about social engineering techniques to reduce the likelihood of falling victim to such attacks.

Due to several public reports of DNS hijacking attacks, the U.S. Department of Homeland Security (DHS) issued an “emergency directive” earlier this year requiring all federal agencies’ IT staff to audit DNS records for their respective website domains or other agency-managed domains.

Why Trust Us?

Best Top Reviews Online was established in 2018 to provide our readers with detailed, truthful, and impartial advice on what to buy. We now have millions of monthly users from all over the world and annually evaluate over a thousand products.

The above article was written by the BestTopReviewsOnline team, which consists of some of the most knowledgeable technical experts in the United States. Our team consists of highly regarded writers with vast experience in smartphones, computer components, technology apps, security, and photography, among other fields.

Related Stories

  • All Post
  • Best Picks
  • Explainers
  • How To
  • News
  • Versus
Attacks Targeting OMIGOD Vulnerability Ramping Up

September 20, 2021

Microsoft released patches for a remote code execution vulnerability in the Open Management Infrastructure (OMI) framework this month, and attackers are increasingly exploiting it. This critical vulnerability, dubbed OMIGOD and tracked as CVE-2021-38647, was discovered to affect Linux virtual machines…

Many Businesses Have Not Yet Patched The Citrix Flaw

February 8, 2020

One in five businesses has not yet patched this critical vulnerability. Even though Positive Technologies disclosed a critical vulnerability in Citrix software that put 80,000 businesses in 158 countries at risk, one in five businesses have yet to patch the…

Get more info



Best Products

Buying Guides

Contact Us

About Us

We provide a platform for our customers to rate and review services and products, as well as the stores that sell them. We research and compare the most popular brands and models before narrowing it down to the top ten, providing you with the most comprehensive and reliable buying advice to help you make your decision.


BestTopReviewsOnline.com is a participant in the Amazon Services LLC Associates Program, an affiliate advertising program designed to provide a means for sites to earn advertising fees by advertising and linking to Amazon.com. As an Amazon Associate I earn from qualifying purchases.


Address & Map

20 S Santa Cruz Ave, Suite 300, Los Gatos, CA 95030, United States

© 2022 BestTopReviewsOnline.com Pty. Ltd. All Rights Reserved. Licensing: All third-party trademarks, images, and copyrights used on this page are for comparative advertising, criticism, or review. As this is a public forum where users can express their opinions on specific products and businesses, the opinions expressed do not reflect those of BestTopReviewsOnline.com.