Cloudy with a Chance of Hijacking: Forgotten DNS Records Enable Scam Actor

NetmanageIT OpenCTI - opencti.netmanageit.com


SUMMARY:

Hazy Hawk, a sophisticated threat actor, exploits abandoned cloud resources of high-profile organizations through DNS hijacking. By identifying and taking over dangling CNAME records pointing to unused cloud services, they create malicious URLs on reputable domains. These URLs lead users to scams and malware via traffic distribution systems. Hazy Hawk employs layered defenses, including domain obfuscation and content theft from legitimate websites, to avoid detection. They also leverage push notifications to maintain persistent access to victims. The attacks have impacted government agencies, universities, and major corporations worldwide since at least December 2023. This campaign highlights the importance of proper DNS management and the growing sophistication of cybercriminals in the affiliate marketing space.
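A defender-side audit for the dangling CNAME records described in the summary, as an added example that is not from the original report or from NetmanageIT: it parses a BIND-style zone export and flags CNAMEs that point under a cloud provider suffix but at no resource in the organization's current inventory. The zone data, the `example.org` names, the suffix list and the inventory are constructed assumptions.

```python
# Added example: audit a zone export for dangling cloud CNAMEs (constructed data).

# Assumption: provider suffixes your organization uses; edit to match your cloud accounts.
CLOUD_SUFFIXES = ("azurewebsites.net", "s3.amazonaws.com", "herokuapp.com")

# Constructed BIND-style export for the placeholder zone example.org.
SAMPLE_ZONE = """\
; constructed sample, not real records
www.example.org.    300 IN CNAME example-prod.azurewebsites.net.
promo.example.org.  300 IN CNAME promo-2019.azurewebsites.net.
files.example.org.  300 IN CNAME old-assets.s3.amazonaws.com.
docs.example.org.   300 IN CNAME docs.notazurewebsites.net.
mail.example.org.   300 IN A     192.0.2.10
"""

def parse_cnames(zone_text):
    """Yield (owner, target) per CNAME record, lower-cased, trailing dot removed."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()      # drop comments, tokenize
        upper = [f.upper() for f in fields]
        if "CNAME" in upper[1:-1]:                  # needs an owner before and a target after
            i = upper.index("CNAME", 1)
            yield fields[0].rstrip(".").lower(), fields[i + 1].rstrip(".").lower()

def cloud_suffix(target):
    """Return the provider suffix the target falls under (label boundary), else None."""
    for suffix in CLOUD_SUFFIXES:
        if target == suffix or target.endswith("." + suffix):
            return suffix
    return None

def audit(zone_text, inventory, resolves=None):
    """Return (owner, target, suffix, resolves) for cloud CNAMEs not backed by inventory.

    inventory: hostnames of cloud resources the organization currently owns.
    resolves:  optional callable(name) -> bool, recorded for triage only.
    """
    findings = []
    for owner, target in parse_cnames(zone_text):
        suffix = cloud_suffix(target)
        if suffix and target not in inventory:
            findings.append((owner, target, suffix, resolves(target) if resolves else None))
    return findings

if __name__ == "__main__":
    owned = {"example-prod.azurewebsites.net"}      # constructed inventory
    for owner, target, suffix, _ in audit(SAMPLE_ZONE, owned):
        print(f"DANGLING {owner} -> {target} ({suffix}): delete the record or reclaim the resource")
```

The check compares against inventory rather than DNS answers because some provider hostnames keep resolving after the resource behind them is deleted, so a lookup alone can miss a dangling record.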

OPENCTI LABELS:

scams, dns hijacking, traffic distribution systems, cloud resources, affiliate marketing, push notifications, cname records


Open in the NetmanageIT OpenCTI public instance with the link below.

NOTE: Use the public read-only username and password shown in the login page banner.


Cloudy with a Chance of Hijacking: Forgotten DNS Records Enable Scam Actor