Pulling the Threads on the Phish of Troy Hunt
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
A sophisticated phishing attack targeted Troy Hunt, compromising his Mailchimp account. The analysis reveals connections to the Scattered Spider group through domain pivoting. Using Validin's DNS, host response, and registration data, dozens of related domain names were uncovered. The investigation exposed a fake Cloudflare turnstile and bogus registration details. Pivoting on various features led to the discovery of multiple related domains and IP addresses. The attack's tactics strongly resemble those of Scattered Spider, including the reuse of previously used domains. The findings demonstrate the power of Validin's databases for uncovering adversary infrastructure and strengthening threat intelligence.
OPENCTI LABELS:
phishing, dns pivoting, threat intelligence, infrastructure discovery, mailchimp, validin, troy hunt