A cyber-espionage group used a legitimate tool to shield its backdoor from analysis and avoid detection. The attackers also disguised the backdoor's command-and-control traffic by using a fake HTTP Host header named after a well-known news site. The threat actor used the Enigma Protector software to hide signs of compromise. There are strong indications that the group has used this backdoor since March 2017, deploying dozens of variants that contacted at least 15 command-and-control domains. Researchers from multiple cybersecurity firms tracked the threat actor's campaigns and analyzed the malware, tactics, and infrastructure used in the attacks.
Source: https://www.bleepingcomputer.com/news/security/hackers-hide-malware-c2-communication-by-faking-news-site-traffic/