216.73.216.86

Cloudy with a Chance of Hijacking Forgotten DNS Records Enable Scam Actor

· Published 21/05/2025 16:09 · Modified 21/05/2025 22:15

Export JSON

Essential information

Published
21/05/2025 16:09
Modified
21/05/2025 22:15
Tags
2025-05-21 affiliate marketing cloud resources cname records dns hijacking push notifications scams traffic distribution systems
Related entities
19 observables, 1 intrusion sets (apt), 4 techniques (mitre), 5 others

Description

Hazy Hawk, a sophisticated threat actor, exploits abandoned of high-profile organizations through . By identifying and taking over dangling pointing to unused cloud services, they create malicious URLs on reputable domains. These URLs lead users to and malware via . Hazy Hawk employs layered defenses, including domain obfuscation and content theft from legitimate websites, to avoid detection. They also leverage to maintain persistent access to victims. The attacks have impacted government agencies, universities, and major corporations worldwide since at least December 2023. This campaign highlights the importance of proper DNS management and the growing sophistication of cybercriminals in the space.

External references