Network Abuses Leveraging High-Profile Events: Suspicious Domain Registrations and Other Scams

Threat Actors: Opportunistic threat actors leveraging trending events such as the Olympics and ChatGPT. Persistent network infrastructure was identified across both the Tokyo 2021 and Paris 2024 Olympics campaigns.

Campaign Overview: Exploitation of high-profile events through deceptive domains, phishing, and scams (e.g., ticket fraud, cryptocurrency schemes, and gambling sites).

Target Regions/Victims: Global audience, primarily people interested in the 2024 Paris Olympics and ChatGPT-related topics.

Methodology: Registering deceptive domains, phishing campaigns, malicious redirections, and scams (fake giveaways, cryptocurrency schemes, gambling).

Products Targeted: Olympic-related websites, cryptocurrency wallets, and social media users reached via phishing.

Malware Reference: Olympics.apk, a suspicious Android app linked to fake cryptocurrency investment schemes.

Tools Used: Domain registrations built around event-specific keywords, phishing pages, malicious apps.

Vulnerabilities Exploited: None mentioned; the campaigns exploit public interest in global events rather than software flaws.

TTPs:
– Use of event-specific keywords in domain registrations.
– DNS and URL traffic manipulation.
– Persistent infrastructure reuse (e.g., shared IPs between the 2021 and 2024 Olympic campaigns).

Attribution: Unidentified malicious actors with signs of organized efforts (e.g., shared DNS hosts, WHOIS records for gambling domains redacted but pointing to Chinese provinces).

Recommendations:
– Proactive monitoring of domain registration, DNS, and URL traffic.
– Block suspicious domains and deploy advanced threat detection tools such as Palo Alto Networks Advanced DNS Security and WildFire.

Source: Palo Alto Networks
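The two TTPs the summary highlights, event-keyword domain registrations and shared hosting between campaigns years apart, are both things a defender can check mechanically against a newly-registered-domain feed. The script below is an added example, not code from Unit 42 or Palo Alto Networks: the keyword list, the lookalike normalisation and every registration record are constructed assumptions, and in practice the records would come from an NRD feed and passive DNS rather than an inline list.

```python
"""Flag event-themed domain registrations and spot infrastructure reuse.

Added example, not code from Unit 42 or Palo Alto Networks. All records
below are constructed; a real deployment would read newly-registered-domain
feeds and passive DNS instead.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass
from datetime import date

# Hypothetical keyword list (assumption): terms a defender expects opportunistic
# registrants to embed in event-themed lookalike domains.
EVENT_KEYWORDS = ("olympic", "paris2024", "tokyo2020", "chatgpt", "openai")

# Digit-for-letter substitutions often used to dodge naive keyword matching.
LEET = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a", "5": "s"})


@dataclass(frozen=True)
class Registration:
    domain: str
    registered: date
    resolves_to: str  # first A record observed (constructed value)


def collapsed_forms(domain: str) -> tuple[str, str]:
    """Return the name with separators removed, plus a de-leeted variant.

    Both forms are searched so that 'paris-2024.tickets' and '0lympics' match.
    """
    name = domain.lower()
    if name.startswith("www."):
        name = name[4:]
    collapsed = name.replace("-", "").replace(".", "")
    return collapsed, collapsed.translate(LEET)


def event_keywords_in(domain: str) -> list[str]:
    """List the event keywords present in either normalised form of the domain."""
    raw, deleet = collapsed_forms(domain)
    return [k for k in EVENT_KEYWORDS if k in raw or k in deleet]


def find_event_domains(regs: list[Registration]) -> dict[str, list[str]]:
    """Map each domain carrying an event keyword to the keywords that matched."""
    hits: dict[str, list[str]] = {}
    for r in regs:
        kws = event_keywords_in(r.domain)
        if kws:
            hits[r.domain] = kws
    return hits


def shared_infrastructure(regs: list[Registration], min_span_days: int = 365) -> dict[str, list[str]]:
    """IPs hosting several event-flagged domains registered far apart in time.

    One host serving an event-themed domain registered years earlier and
    another registered for the current event is the persistent reuse the
    report describes (shared IPs between the 2021 and 2024 campaigns).
    """
    by_ip: dict[str, list[Registration]] = defaultdict(list)
    for r in regs:
        if event_keywords_in(r.domain):
            by_ip[r.resolves_to].append(r)
    reused: dict[str, list[str]] = {}
    for ip, group in sorted(by_ip.items()):
        if len(group) < 2:
            continue
        dates = [g.registered for g in group]
        if (max(dates) - min(dates)).days >= min_span_days:
            reused[ip] = sorted(g.domain for g in group)
    return reused


# Constructed sample feed: .example names and documentation-range IPs only.
SAMPLE = [
    Registration("olympics-tickets-paris2024.example", date(2024, 3, 2), "203.0.113.10"),
    Registration("tokyo-olympic-stream.example", date(2021, 7, 10), "203.0.113.10"),
    Registration("0lympics-giveaway.example", date(2024, 6, 1), "203.0.113.10"),
    Registration("chatgpt-premium-login.example", date(2024, 5, 1), "198.51.100.7"),
    Registration("bakery-on-main.example", date(2024, 5, 3), "198.51.100.7"),
    Registration("weather-report.example", date(2024, 6, 2), "192.0.2.5"),
]

if __name__ == "__main__":
    for dom, kws in find_event_domains(SAMPLE).items():
        print(f"event-themed registration: {dom} ({', '.join(kws)})")
    for ip, doms in shared_infrastructure(SAMPLE).items():
        print(f"persistent host {ip} serves: {', '.join(doms)}")
```

The infrastructure check is deliberately restricted to domains that already carry an event keyword, so a shared hosting provider serving unrelated customers (the bakery site above) does not generate a hit; widening it to all domains on the IP would surface more reuse at the cost of far more noise.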

Read full article: https://unit42.paloaltonetworks.com/suspicious-domain-registration-campaigns/

Disclaimer: The above summary has been generated by an AI language model.

Source: Palo Alto Networks

Published on: December 6, 2024
