Blog Security Identifying a DNS Exfiltration Attack That Wasn’t Real — This Time Moshe Cohen is a Senior Security Analyst at Akamai. In late April, 2023, the Akamai ESG SecOps team received a Domain Name System (DNS) exfiltration alert for a customer who had deployed our Secure Internet Access service.  After analyzing the customer’s DNS logs, the team was able to identify that the exfiltration activity was associated with the Cobalt Strike tool. We concluded that this domain was either being used by a malicious threat actor or by the customer itself as a part of a security testing exercise. What is DNS exfiltration? \r\n DNS exfiltration is a technique that attackers use to steal sensitive data from a target system or network by transmitting it through DNS queries and responses. This method is often used in advanced persistent threat (APT) attacks, in which attackers seek to persistently evade detection in the target environment.…