Security researchers at Ciscos Talos intelligence and research group have discovered what they describe as an extremely evasive and uncommon way for threat actors to command and to communicate with a Remote Access Trojan (RAT) on an infected system. The multi-stage method involves the use of the Domain Name System (DNS) in a manner that makes bidirectional C2 communication between an infected host and a malicious server almost invisible – even to organizations that have implemented controls for restricting outbound DNS.”]
Source: https://www.darkreading.com/attacks-breaches/attackers-employ-sneaky-new-method-to-control-trojans