DNS Security

Framing the AkiraBot Framework Under the DNS Lens

SentinelLABS recently dug deep into AkiraBot, a framework made to spam website chats and contact forms to promote a low-quality search engine optimization (SEO) service. So far, the bot has targeted 400K+ websites and spammed 80K+ websites since September 2024.

Shining the DNS Spotlight on Lumma Stealer

The U.S. Department of Justice seized 114 domains connected to a major information-stealing campaign utilizing Lumma Stealer on 21 May 2025. The Cybersecurity and Infrastructure Security Agency (CISA) released the list of indicators of compromise (IoCs) on the same date.

A DNS Examination of the Phishing Campaign Targeting Japanese Brokerage Firms

Yahoo! News Japan reported cases where securities accounts were hijacked so cybercriminals could sell stocks without their rightful owners' permission. More than 3,500 fraudulent transactions have already been recorded from January to April 2025 alone, amounting to stock owner losses of ¥300+ billion.

A DNS Deep Dive into the LabHost PhaaS Infrastructure

The Federal Bureau of Investigation (FBI) shared a warning on 29 April 2025 about the LabHost phishing-as-a-service (PhaaS) campaign that threatened the security of users worldwide, along with a massive list of related indicators of compromise (IoCs). WhoisXML API embarked on an in-depth analysis of the IoCs through a DNS deep dive.

New MITRE ATT&CK Groups for 2025: A DNS Deep Dive

The MITRE Corporation updates its list of groups on the ATT&CK page every six months, specifically in April and October each year. The Updates - April 2025 advisory listed seven new groups with corresponding lists of indicators of compromise (IoCs) listed in the References section. Take a look at specific IoC-related details for each group below.

Global Domain Activity Trends Seen in Q1 2025

Based on our Q1 2025 ranking of the most popular gTLDs and ccTLDs, the same players pretty much made the list. The .com gTLD remained in first place while the other gTLD extensions like .xyz, .top, and .shop lagged far behind. Among the ccTLDs, only .de made it to the top 10.

Unlocking the DNS Strongbox of BADBOX 2.0

HUMAN's Satori Threat Intelligence and Research Team recently uncovered and partially disrupted BADBOX 2.0 in collaboration with Google, Trend Micro, Shadowserver, and other partners. The threat has been dubbed "the largest botnet of infected connected TV (CTV) devices" uncovered to date.

Unearthing the DNS Roots of the Latest Lotus Blossom Attack

Cisco Talos recently uncovered multiple Lotus Blossom cyber espionage campaigns targeting government, manufacturing, telecommunications, and media organizations. The group used Sagerunex and other hacking tools after compromising target networks.

Rounding Up the DNS Traces of RA World Ransomware

Symantec recently reported that a China-based threat actor who has been involved in installing backdoors in the systems of target government institutions (i.e., cyber espionage) has turned toward spreading RA World ransomware (i.e., a cybercriminal act) this time. Going from one act to the other is not usual for attackers.

Tempering Tax Season Troubles with DNS Intel

Each year, threat actors zoom in on U.S. taxpayers in a bid to intercept their payments and line their pockets instead. And while the tax day - 15 April 2025 - has passed, those who need more time can settle their dues up to 15 October 2025 without getting penalized if they requested an extension.