
Iranian hacker group becomes first known APT to weaponize DNS-over-HTTPS (DoH) - furcyd
https://www.zdnet.com/article/iranian-hacker-group-becomes-first-known-apt-to-weaponize-dns-over-https-doh/
======
codezero
tldr: some malware uses DNS to exfiltrate data (to obfuscate it, and probably
because DNS is often whitelisted), and now they are using the same exfiltration
technique but using DNS over HTTPS.

