Whois

Divulging the DNS Secrets of DarkSpectre

Koi Security exposes the DNS infrastructure behind DarkSpectre's latest cyber campaign. Their investigation uncovers nearly 9,000 suspect domains and IP links, revealing how a stealthy browser extension compromised 2.2 million users.

Analyzing Account Takeover Attacks Leveraging SquarePhish2 and Graphish

State-sponsored and criminal groups exploited OAuth weaknesses using SquarePhish2 and Graphish to hijack Microsoft 365 accounts, prompting data theft and broader infiltration campaigns. Analysts uncovered 46 confirmed indicators and hundreds of related artifacts.

DNS Spotlight: The Silver Fox in the Henhouse

Silver Fox, a Chinese state-backed hacking group, disguised its espionage campaign as Russian activity using Cyrillic-laced lures and DNS infrastructure, deploying ValleyRAT to steal intelligence and finance operations through Microsoft Teams abuse.

An In-Depth Analysis of the Ashen Lepus AshTag-Enabled Attack

A sophisticated campaign by Ashen Lepus targeted Arabic-speaking government entities using a newly identified malware suite, AshTag. Enhanced encryption, obfuscation techniques, and extensive infrastructure analysis signal a notable evolution in the group's tactics.

Illuminating ShadyPanda DNS Infrastructure Facts

A seven-year malware campaign, orchestrated through seemingly trusted browser extensions, exposed millions of users to DNS abuse. ShadyPanda's infrastructure reveals how trust, subtlety and DNS manipulation sustained an enduring threat.

Mining for DNS Maxims: Top 10 Malware of Q3 2025

An analysis of domains linked to the top malware strains of Q3 2025 reveals early threat signals, typosquatting patterns, and thousands of connections to malicious infrastructure, underscoring the predictive power of DNS telemetry.

Thumbing Through the DNS Traces of TamperedChef

Acronis researchers uncovered a vast malvertising scheme named TamperedChef, which exploited legitimate-looking apps to deploy malicious scripts, steal data, sell remote access, and lay the groundwork for espionage and ransomware campaigns.

DNS Spotlight: New MITRE ATT&CK Group Entrants as of October 2025

MITRE introduced nine new threat groups tied to major vulnerabilities, with deep DNS analysis uncovering 108 malicious domains, 31 risky IPs, and multiple emerging artifacts that highlight evolving attack patterns and early warning opportunities ahead.

Going DNS Deep Diving Into GhostCall and GhostHire

A DNS investigation into GhostCall and GhostHire uncovers how BlueNoroff targeted tech leaders and Web3 developers, exposing extensive data theft and a wide malicious infrastructure that included suspicious domains, weaponized IP addresses, and typosquatted assets.

COLDRIVER’s MAYBEROBOT in the DNS Spotlight

Russia-linked threat actor COLDRIVER has revamped its malware into a new backdoor called MAYBEROBOT, targeting NGOs and dissidents. Early DNS signals and IP resolutions reveal a methodically evolving cyber-espionage campaign.