The hacking group behind the DNSpionage campaign has become more selective about its targets and has released a new form of malware to further its goals. DNSpionage, first discovered in late 2018 by Cisco Talos, uses fake websites and specializes in DNS tampering to redirect traffic from legitimate domains to malicious ones. The threat actors also use free Let’s Encrypt security certificates for the redirected domains.
Source: ZDNet