Domain Names

Sponsored
by

Domain Names / Industry Updates

DNS Investigation: Threat Actor TA4922 Goes Global

TA4922 is expanding beyond nearby targets, deploying a fast-changing malware arsenal across Europe and Africa. A DNS investigation uncovered thousands of connected domains, dozens of malicious assets and signs of compromised victim infrastructure worldwide today.

Why Operational Readiness Will Define the Next Generation of TLDs

Launching a top-level domain is only the beginning. Hello Registry combines ICANN-approved expertise, flexible infrastructure and long-term operational support to help brands, communities and innovators build and manage secure, future-ready TLDs with confidence for years.

Under the DNS Hood of an Ongoing Legacy MSHTA Tool Attack

A DNS analysis of infrastructure behind ongoing MSHTA abuse uncovered malicious registrations, typosquatting clusters, victim activity, and hundreds of linked indicators, revealing how legacy Windows tooling continues enabling modern malware campaigns through interconnected DNS intelligence.

What Running .CA and .NL Taught Us About Building Better Registry Infrastructure

Running .CA and .NL has taught Hello Registry that true back-end excellence depends on resilience, adaptability and operational experience, helping registries navigate evolving technical, policy and security demands with confidence and long-term stability.

macOS ClickFix Campaign Delivers AMOS and Other Infostealers: A DNS Deep Dive

A DNS deep dive into Microsoft's macOS ClickFix campaign uncovered victim infrastructure, typosquatting clusters, malicious registrations, and hundreds of linked indicators, exposing a broader infostealer ecosystem beyond the original 140 network IoCs identified by Microsoft.

Making the Most of the 2026 New gTLD Application Round

The ICANN new gTLD application window is now open, giving organizations a limited opportunity to secure and operate their own top-level domain. Learn how Hello Registry can help simplify the application process from start to launch.

DNS Deep Dive: TA416 European Government Espionage Campaigns

An extensive DNS analysis of TA416's renewed European espionage campaign uncovered malicious infrastructure, typosquatting clusters, historical network activity, and thousands of connected artifacts that expand defenders' visibility beyond Proofpoint's original indicators for proactive threat hunting.

DNS Deep Dive: GHOST STADIUM Takes Advantage of FIFA 2026

A DNS investigation of the GHOST STADIUM phishing operation uncovered typosquatting clusters, malicious infrastructure, victim-linked IP activity, and thousands of connected domains, revealing the scale of a FIFA 2026 ticket fraud ecosystem.

A DNS Investigation of Shadow-Earth-053

A DNS investigation of Shadow-Earth-053 uncovered hundreds of victim-linked connections and a sprawling infrastructure tied to China-aligned cyber-espionage. Analysis of known indicators exposed additional domains, IP addresses, and registration patterns that broaden the campaign's suspected footprint.

DNS Deep Diving into FakeWallet Crypto Stealer

A DNS-focused investigation of the FakeWallet crypto-stealer campaign uncovered links to malicious infrastructure, potential victims, and thousands of connected domains, revealing signs of pre-staged operations and suggesting the wallet-phishing scheme was broader and longer-running than first reported.