Investigating Infrastructure and Tactics of Phishing-as-a-Service Platform Sniper Dz

NetmanageIT OpenCTI - opencti.netmanageit.com

Investigating Infrastructure and Tactics of Phishing-as-a-Service Platform Sniper Dz



SUMMARY :

Unit42 explores Sniper Dz, a popular phishing-as-a-service (PhaaS) platform targeting social media and online services. Over 140,000 phishing websites associated with Sniper Dz were identified in the past year. The platform offers an admin panel with phishing page catalogs, allowing users to host on Sniper Dz infrastructure or download templates. Surprisingly, services are free, likely because Sniper Dz collects stolen credentials. The platform uses public proxy servers to hide phishing content, obfuscates code, and employs centralized infrastructure for credential exfiltration and victim tracking. Sniper Dz abuses legitimate SaaS platforms, particularly Blogspot, and uses brand names or trends as keywords in hostnames. After credential theft, victims may be redirected to malicious advertisements or potentially unwanted applications.

OPENCTI LABELS :

phishing,credential theft,phaas,victim tracking,sniper dz


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Investigating Infrastructure and Tactics of Phishing-as-a-Service Platform Sniper Dz