/ Industry Updates

Signs of Ongoing RedLine Stealer Operation Found Through a DNS Deep Dive

RedLine Stealer seems to have stolen cybercriminals' hearts as its usage has continued despite cybersecurity efforts to thwart it. Researchers have published reports about the stealer in the past, but its operators may have updated their arsenal with new domains and IP addresses to evade detection and consequent mitigation. more

Rogue Bulletproof Hosts May Still Be Alive and Kicking as DNS Intel Shows

Rogue bulletproof hosts are part and parcel of the cybercriminal market that is hidden deep underground. Without means to easily evade detection, attribution, and incarceration, many of today's cybercriminals would not be able to continue their malicious operations. more

eCommerce Business on .Store Sees More Traffic and Visibility; 12-Month Study Indicates

Earlier this month, an independent 12-month SEO study conducted by an eCommerce marketing agency revealed that the eCommerce businesses using .Store domains got 87% more traffic and a 12% lower cost per conversion. more

Carding, Still in Full Swing as DNS Intel Shows

Carding has been around since the 1980s but has evolved to the point that even less experienced cybercriminals can now launch campaigns. How? Via the carding forums that riddle the Web these days. more

A DNS Deep Dive into BreachForums Domains

The Federal Bureau of Investigation (FBI) shut down BreachForums, a forum for English-speaking black hat hackers, on 21 March 2023, following the arrest of its owner Conor Brian Fitzpatrick. more

APT29 Goes from Targeted Attacks to Phishing via NOBELIUM: A DNS Deep Dive

APT29, believed to be an espionage group from Russia, became known for launching targeted attacks against organizations in Ukraine. But over the course of investigating the threat group, Mandiant discovered that it may have a hand in cybercriminal operations, specifically phishing, as well. more

Tracing BlackNet RAT’s History through a DNS Deep Dive

BlackNet RAT, first discovered during the COVID -- 19 pandemic and being distributed via spam messages offering an effective cure for the virus, seems to have outlived the global crisis. more

Phisher Abusing .com TLD?

Phishing campaigns almost always require a massive volume of domains in order to succeed. Phishers, after all, need to have readily weaponizable vectors at their disposal in case the ones they're currently employing get detected and consequently blocked. more

Phishing Group Found Abusing .top Domains

Threat researcher Dancho Danchev recently discovered a phishing operation that seemed to be abusing .top domains for which he collated 89 email addresses that served as indicators of compromise (IoCs).  more

Fishing for QR Code Phishing Traces in the DNS

Threat actors have been seen yet again abusing a technology meant to make things easy for all of us -- QR codes -- in one of the most commonly utilized cybercriminal activities - phishing. The rise in QR code phishing isn't surprising given that according to several studies, as much as 86% of the entire global population use their mobile phones for all kinds of transactions, including financial ones. more