Triad Nexus: FUNNULL CDN hosting DGA domains for suspect Chinese sites
NetmanageIT OpenCTI - opencti.netmanageit.com
SUMMARY :
Silent Push has uncovered a large-scale malicious infrastructure cluster, dubbed 'Triad Nexus', hosted on the FUNNULL content delivery network (CDN). The investigation identified over 200,000 unique hostnames, roughly 95% of which were generated by Domain Generation Algorithms (DGAs) rather than chosen by hand. FUNNULL is linked to hosting suspect gambling websites, investment scams, and a retail phishing campaign impersonating major brands. Connections were found to the Suncity Group, previously implicated in laundering money for the Lazarus Group. The report also ties FUNNULL to the supply chain attack on the polyfill.io JavaScript library, whose domain FUNNULL had acquired, which affected over 110,000 websites that loaded the script. The research exposes FUNNULL's role in facilitating a range of criminal activity and raises concerns about its practices as a CDN provider.
OPENCTI LABELS :
phishing,cdn,dga,supply chain attack,gambling,funnull,triad nexus,suncity group
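The summary above states that around 95% of the 200,000 hostnames were produced by a domain generation algorithm. As an added illustration, not taken from this OpenCTI page or from the Silent Push report, the Python below scores hostnames on the simple lexical features analysts use to triage candidate DGA labels: label length, character entropy, vowel ratio, digit ratio and consonant runs. The hostnames in SAMPLE_HOSTNAMES are constructed for the example (they are not FUNNULL or Triad Nexus indicators), and the feature thresholds and the four-of-five cut-off are assumptions to be tuned against your own passive-DNS data.

```python
import math
from collections import Counter

# Constructed sample hostnames for the example; none of these come from
# the Silent Push report. The example-cdn.net labels mimic DGA-style
# random alphanumerics, the others are ordinary human-chosen names, and
# "strengths" is a legitimate word that trips several heuristics.
SAMPLE_HOSTNAMES = [
    "www.example.com",
    "mail.contoso.com",
    "shop.fabrikam.net",
    "strengths.example.org",
    "x7k2p9qv.example-cdn.net",
    "a8fj3kd92m1.example-cdn.net",
    "q1w2e3r4t5y6.example-cdn.net",
]

VOWELS = set("aeiou")

# Assumed thresholds: heuristic starting points, not values from the report.
MIN_DGA_LENGTH = 8
MIN_DGA_ENTROPY = 2.9      # bits per character
MAX_DGA_VOWEL_RATIO = 0.2
MIN_DGA_DIGIT_RATIO = 0.25
MIN_CONSONANT_RUN = 4
DGA_SCORE_CUTOFF = 4.0     # four of the five features must fire


def shannon_entropy(s: str) -> float:
    """Shannon entropy of s in bits per character (0.0 for an empty string)."""
    if not s:
        return 0.0
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def longest_consonant_run(label: str) -> int:
    """Length of the longest run of consecutive alphabetic non-vowels."""
    best = run = 0
    for ch in label:
        if ch.isalpha() and ch not in VOWELS:
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def scoring_label(hostname: str) -> str:
    """Pick the label to score: the leftmost label, skipping a leading 'www'."""
    labels = hostname.lower().strip(".").split(".")
    if len(labels) > 1 and labels[0] == "www":
        labels = labels[1:]
    return labels[0] if labels else ""


def dga_score(label: str) -> float:
    """Count how many of five lexical DGA indicators fire for one label."""
    label = label.lower()
    if not label:
        return 0.0
    n = len(label)
    alpha = sum(ch.isalpha() for ch in label)
    vowels = sum(ch in VOWELS for ch in label)
    digits = sum(ch.isdigit() for ch in label)
    vowel_ratio = vowels / alpha if alpha else 0.0
    digit_ratio = digits / n

    score = 0.0
    if n >= MIN_DGA_LENGTH:
        score += 1.0
    if shannon_entropy(label) >= MIN_DGA_ENTROPY:
        score += 1.0
    if alpha and vowel_ratio < MAX_DGA_VOWEL_RATIO:
        score += 1.0
    if digit_ratio >= MIN_DGA_DIGIT_RATIO:
        score += 1.0
    if longest_consonant_run(label) >= MIN_CONSONANT_RUN:
        score += 1.0
    return score


def is_likely_dga(hostname: str) -> bool:
    """True when the scored label reaches the assumed cut-off."""
    return dga_score(scoring_label(hostname)) >= DGA_SCORE_CUTOFF


def triage(hostnames):
    """Score every hostname and return them highest-scoring first."""
    rows = [
        {"hostname": h, "label": scoring_label(h),
         "score": dga_score(scoring_label(h)), "likely_dga": is_likely_dga(h)}
        for h in hostnames
    ]
    return sorted(rows, key=lambda r: r["score"], reverse=True)


if __name__ == "__main__":
    for row in triage(SAMPLE_HOSTNAMES):
        flag = "DGA?" if row["likely_dga"] else "    "
        print(f"{flag} {row['score']:.0f}/5  {row['hostname']}")
```

The "strengths" entry is kept on purpose: it scores three of five (length, low vowel ratio, a five-consonant run) and shows why a single feature, or too low a cut-off, produces false positives on real words. In practice this kind of scorer is only a first pass; the Silent Push finding rested on scale and hosting context (200,000 hostnames on one CDN), which a per-label heuristic cannot see on its own.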