FlagThis

A sophisticated botnet is exploiting misconfigured DNS records on approximately 13,000 MikroTik routers to bypass email protection systems and deliver malware through spam campaigns. This botnet operation leverages a simple DNS misconfiguration to send malicious emails that appear to come from legitimate domains, distributing trojan malware and other malicious content.

Infoblox has issued a warning about a critical attack vector called the ‘Sitting Ducks attack’ that allows threat actors to gain complete control over a domain by hijacking its DNS configurations. This attack exploits misconfigurations in DNS settings, specifically when the domain server incorrectly points to the wrong authoritative name server. The attack leverages ‘lame delegation,’ a technique where a domain’s authoritative name server is misconfigured, allowing attackers to redirect traffic to their controlled servers. Infoblox has identified over 1 million registered domains vulnerable to this attack. The company has published a detailed report with indicators of compromise to assist organizations in mitigating this threat.