Domains Once Owned by Major Firms Help Millions of Spam Emails Bypass Security

February 27, 2024 at 09:45AM

Guardio reported a significant campaign it dubbed SubdoMailing, attributed to the threat actor ResurrecAds, which uses 8,800 hijacked domains and more than 13,000 associated subdomains to send approximately five million emails a day. The campaign abuses forgotten subdomains of major companies to bypass spam filters and lead users to phishing and scam websites.

Key takeaways from the meeting notes are as follows:

– Guardio reported on a significant campaign it dubbed SubdoMailing, attributed to a threat actor named ResurrecAds, which used thousands of hijacked domains and subdomains to send out around five million emails per day.
– The threat actor has been finding long-forgotten subdomains that still carry DNS records such as CNAME and SPF entries, so that email sent through them is more likely to bypass spam filters.
– Emails sent as part of the SubdoMailing campaign are designed to trick users into interacting with messages that lead to scams or phishing websites.
– ResurrecAds operates an ‘ad network’ aimed at generating as many clicks as possible for its clients.
– Guardio has released an online tool to check whether a domain has been compromised and abused in the SubdoMailing campaign.
– Patrick Harr, CEO at SlashNext, highlighted the importance of AI technology like computer vision in detecting threats hiding on legitimate sites, emphasizing the limitations of traditional security protocols like DMARC, DKIM, and SPF.
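As an added example (not Guardio's tool or any code from the report), here is an offline check a domain owner can run over a snapshot of their own DNS records to find the two conditions the campaign relies on: an SPF `include:` target that no longer resolves, and a CNAME pointing at a name nobody currently registers. The DNS snapshot and all names in it are constructed for the example.

```python
import re

# Constructed DNS snapshot (not real records): name -> record type -> values.
# A name missing from the dict models NXDOMAIN (lapsed or never registered).
DNS = {
    "brand.example": {"TXT": [
        "v=spf1 include:_spf.mailer.example include:legacy.partner.example -all"]},
    "_spf.mailer.example": {"TXT": ["v=spf1 ip4:192.0.2.0/24 -all"]},
    # legacy.partner.example is absent: its registration lapsed, so whoever
    # registers it can publish an SPF record that brand.example now trusts.
    "promo.brand.example": {"CNAME": ["old-campaign.vendor.example"]},
    # old-campaign.vendor.example is absent: a dangling CNAME.
    "noспф.example": {"TXT": ["some unrelated txt record"]},
}

INCLUDE_TERM = re.compile(r"^[+\-~?]?(?:include:|redirect=)(.+)$", re.I)


def get_spf(name):
    """Return the v=spf1 TXT record for name, or None if it publishes none."""
    for txt in DNS.get(name, {}).get("TXT", []):
        if txt.lower().startswith("v=spf1"):
            return txt
    return None


def find_dangling_spf(name, seen=None, depth=0):
    """Walk include:/redirect= chains; report targets that no longer resolve
    or publish no SPF. Cycles and deep chains are cut off, as RFC 7208's
    10-lookup limit would cut them off in a real evaluator."""
    seen = set() if seen is None else seen
    if name in seen or depth > 10:
        return []
    seen.add(name)
    if name not in DNS:
        return [(name, "NXDOMAIN: include target no longer resolves")]
    spf = get_spf(name)
    if spf is None:
        return [(name, "exists but publishes no SPF record")]
    findings = []
    for term in spf.split():
        m = INCLUDE_TERM.match(term)
        if m:
            findings += find_dangling_spf(m.group(1).lower(), seen, depth + 1)
    return findings


def find_dangling_cnames(zone_names):
    """Report (name, target) pairs whose CNAME target does not resolve."""
    return [(n, t) for n in zone_names
            for t in DNS.get(n, {}).get("CNAME", [])
            if t.rstrip(".") not in DNS]
```

Against live DNS the same logic applies with real TXT/CNAME lookups; a target that returns NXDOMAIN is the finding to act on by removing the stale include or CNAME from your zone.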

Let me know if any additional information is required.