DNS Security


A DNS Investigation of the 32 Doppelganger Websites Seized by the U.S. Government

The U.S. Office of Public Affairs issued a statement on 4 September 2024 regarding the seizure of 32 websites that are believed to be part of the so-called "Doppelganger" campaign.

Investigating the Proliferation of Deepfake Scams

While deepfakes may sometimes be perceived as amusing, their potential for harm is significant and far-reaching. One finance worker for a multinational firm, for example, was tricked into paying out US$25 million to a deepfake scammer who pretended to be their company's chief financial officer (CFO) in a video call just this February.

Examining the DNS Underbelly of the Voldemort Campaign

Toward the end of August 2024, a custom malware, dubbed "Voldemort" after strings found in its code, was used in a cyber espionage campaign targeting various countries.

2024 Domain Intelligence Study of 6 APT Groups Notorious for Targeting Europe

At least 40 advanced persistent threat (APT) groups have trained their sights on several European countries over the years, and that isn't surprising, given that the continent serves as the headquarters of renowned international organizations like the European Union Agency for Law Enforcement Cooperation (Europol), INTERPOL, and the North Atlantic Treaty Organization (NATO).

Stripping Down the BlackSuit Ransomware Network Aided by DNS Data

Nearly 1 million individuals' information was stolen and exposed when threat actors launched a BlackSuit ransomware attack on 10 April 2024. The investigation revealed that the compromised data included the victims' Social Security numbers (SSNs), birthdays, and insurance claim information.

A DNS Deep Dive into the NetSupport RAT Campaign

Remote access trojans (RATs) can be considered the malware of choice of the world's most notorious advanced persistent threat (APT) groups. And there's a good reason for that. They are hard to detect, making them ideal for lateral movement, and also difficult to get rid of.

Tracking the DNS Footprint of the Polyfill Supply Chain Attackers

Threat actors can often find targeting certain organizations directly too much of a challenge. So they go through what we can consider back channels: suppliers, vendors, or service providers.

Study by WhoisXML API Explores IDNs, Native-Language Characters, and Homograph Attacks

While the usage of internationalized domain names (IDNs) has allowed organizations the world over to enter the global market using their native-language domain names, it can also enable cyber attackers to craft look-alikes of legitimate domains they wish to spoof.

The Extended Reach of the Extension Trojan Campaign in the DNS

The ReasonLabs Research Team uncovered a new widespread polymorphic malware campaign that forcefully installed extensions on users' systems.

Inspecting Konfety’s Evil Twin Apps through the DNS Lens

Satori recently published a report on a massive fraud campaign they have dubbed "Konfety" (Russian word for "candy"). Sounds sweet, right?