“Wekby” Group Uses DNS Requests for C&C Communications

Palo Alto Networks researchers noticed that a China-linked advanced persistent threat (APT) actor has been using a piece of malware that leverages DNS requests for command and control (C&C) communications.

The group, known as Wekby, APT 18, Dynamite Panda and TG-0416, is believed to be responsible for the 2014 attack on Community Health Systems, one of the largest hospital operators in the United States. In that operation, the attackers reportedly stole 4.5 million patient records by exploiting the OpenSSL vulnerability dubbed Heartbleed.

Read more: SecurityWeek