Domain Names

Radix’s Premium Domains Surge in H2 2024, Led by .Fun Boom

Radix's latest Premium Domains Report for the second half of 2024 highlights a strong performance across its portfolio, with .fun domains experiencing exceptional growth. Premium domain registrations increased by 11% year-on-year, while premium renewals rose by 16%.

Unloading MintsLoader IoCs Using DNS Intelligence

Several American and European organizations across the energy, oil and gas, and legal sectors were recently targeted by a campaign leveraging MintsLoader, a malware loader that delivers malicious software to a victim's device.

DNS Spotlight: Rockstar2FA Shuts Down, FlowerStorm Starts Up

It's not unusual for threat actors to pick up where fellow cyber attackers left off after shutting down their operations. Many of them still want to cause just as much trouble without having to start from scratch by building their own malicious creations and infrastructure.

DNS Deep Dive: Peeking into Back Doors to Abandoned but Live Backdoors

watchTowr Labs investigated thousands of abandoned but live backdoors installed on various compromised sites to determine what data the original backdoor owners have stolen. They published their findings in "Backdooring Your Backdoors -- Another $20 Domain, More Governments" and, in the process, identified 34 domains as indicators of compromise (IoCs).

DNS Insights on a Free Form Builder Service Phishing Campaign

Unit 42 of Palo Alto Networks recently uncovered a phishing campaign targeting European companies to harvest victims' account credentials and take over their Microsoft Azure cloud infrastructure. According to their report, the phishing attempts leveraging the HubSpot Free Form Builder service peaked in June 2024.

More Signs of the more_eggs Backdoor Found in the DNS

Using resumes to fake job applications is not a novel social engineering lure for run-of-the-mill phishing campaigns. But utilizing the same tactic to launch a targeted attack isn't that common.

Illuminating Lumma Stealer DNS Facts and Findings

The Lumma Stealer, known for using the malware-as-a-service (MaaS) model, has figured in various campaigns targeting victims in countries like Argentina, Colombia, the U.S., the Philippines, and others since 2022.

Domain Name Industry Brief Reports 364.3 Million Domain Name Registrations in Q4 2024

The fourth quarter of 2024 closed with 364.3 million domain name registrations across all top-level domains (TLDs), an increase of 2.0 million domain name registrations compared to the previous quarter, according to the latest issue of the Domain Name Industry Brief Quarterly Report, released Thursday at DNIB.com.

The MOONSHINE Exploit Kit and the DarkNimbus Backdoor in the DNS Spotlight

The Earth Minotaur threat group recently revived the MOONSHINE exploit kit, first discovered in 2019. According to Trend Micro's in-depth analysis, MOONSHINE had more than 55 servers in 2024 and has been updated with more exploits and functions compared with its 2019 version.

Peering Into Midnight Blizzard’s DNS Footprint

Thousands of people working for organizations in the public, academic, and defense sectors are being targeted by spear-phishing attacks run by a threat group called "Midnight Blizzard." The messages contained a Remote Desktop Protocol (RDP) configuration file connected to the malicious actor's server.