Guardio Labs discovered a serious subdomain hijacking incident that affected thousands of subdomains. They coined the term "SubdoMailing" to describe an attack chain that uses compromised subdomains of well-known companies to send malicious emails. The investigation found that the malicious activity has been active since 2022.
Characteristics of the SubdoMailing Attack
SubdoMailing can be considered an evolved form of social engineering that exploits the trust placed in the subdomains of well-known brands. Attackers run the campaign at scale, sending millions of phishing emails from hijacked subdomains.
In a subdomain hijack, an attacker takes control of a subdomain associated with a legitimate root domain, which then becomes a hotbed for all sorts of malicious activity. Hijacked subdomains can be used to launch phishing campaigns, distribute inappropriate content, sell illegal substances, or spread ransomware. Inactive subdomains often remain dormant for a long time while their DNS records stay in place. Even more dangerous, these forgotten records pave the way for subdomain hijacks: once attackers take control of such a subdomain, their mail and web traffic inherit the reputation of the parent brand, and the abuse can go unnoticed for a long time.
Case Analysis of the SubdoMailing Attack
According to an article published by the company, thousands of suspicious emails were sent from seemingly legitimate subdomains of well-known brands, including MSN, VMware, McAfee, The Economist, Cornell University, CBS, Marvel, eBay, and many more. These emails used a sense of urgency to manipulate users into clicking on suspicious links, which redirected them to harmful destinations ranging from intrusive ads to phishing sites designed to steal sensitive information.
Preventive measures against SubdoMailing attacks
Due to the unique nature of SubdoMailing attacks, their success rate is expected to be high. Guardio explained that SubdoMailing uses highly sophisticated tactics to manipulate legitimate subdomains of popular brands. These attacks are difficult to detect and required a thorough investigation by Guardio's cybersecurity experts.
Further inspection of the SPF record for the msn.com subdomain led the researchers down a rabbit hole of 17,826 nested IP addresses that were authorized to send email on behalf of the domain. The intricacies of the SPF record hinted at a very suspicious yet elaborate method of manipulating authentication filters. What's more, the investigation revealed that this MSN subdomain pointed to another domain via a CNAME DNS record. Therefore, once the attacker purchased that other domain, they controlled what the MSN subdomain resolved to and could hijack it. So, how did the attacker do this? Let's take a look:
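The two DNS conditions described above, an SPF policy whose include: chain fans out to a very large set of authorized senders and a CNAME whose target nobody owns any more, can be checked mechanically. The Python below is an added example, not Guardio's tooling or code from the original article. It walks a constructed, hypothetical zone (brand.example, partner.example and the other names are made up, and the records are not the real msn.com data) instead of querying live DNS, and it handles only the ip4, ip6, include and all mechanisms.

```python
"""Offline audit of an SPF policy and of CNAME records in a small zone.

Added example. The ZONE map below is constructed sample data: the names are
hypothetical and the records do not reproduce any real domain's DNS.
"""
import ipaddress

# What a resolver would return for each name. Names absent from the map are
# treated as NXDOMAIN, i.e. unregistered or decommissioned.
ZONE = {
    "brand.example": {
        "TXT": "v=spf1 include:_spf.brand.example include:legacy-vendor.example -all"},
    "_spf.brand.example": {
        "TXT": "v=spf1 ip4:198.51.100.0/24 ip4:203.0.113.10 include:mail.partner.example ~all"},
    "mail.partner.example": {  # includes the brand back: a cycle
        "TXT": "v=spf1 ip4:192.0.2.0/25 include:_spf.brand.example -all"},
    "legacy-vendor.example": {  # +all plus an include: of a dead domain
        "TXT": "v=spf1 ip4:192.0.2.128/25 ip4:203.0.113.0/24 include:gone-vendor.example +all"},
    "old-campaign.brand.example": {"CNAME": "expired-vendor.example"},  # dangling
    "www.brand.example": {"CNAME": "cdn.partner.example"},
    "cdn.partner.example": {"A": "192.0.2.77"},
}

MAX_LOOKUPS = 10  # RFC 7208 section 4.6.4 limit on DNS-querying mechanisms


def spf_record(name, zone):
    """Return the v=spf1 TXT record for name, or None if there is none."""
    txt = zone.get(name, {}).get("TXT")
    return txt if txt and txt.startswith("v=spf1") else None


def walk_spf(name, zone, result=None):
    """Expand include: mechanisms recursively and collect what the policy
    authorizes. Cycles are cut; missing includes and +all are flagged."""
    if result is None:
        result = {"visited": [], "networks": [], "missing": [],
                  "permissive": [], "lookups": 0}
    if name in result["visited"]:
        return result  # already expanded: include loop
    rec = spf_record(name, zone)
    if rec is None:
        # An include: of a name with no SPF record: whoever registers the
        # name decides which senders the parent policy now trusts.
        result["missing"].append(name)
        return result
    result["visited"].append(name)
    for term in rec.split()[1:]:  # skip the v=spf1 version tag
        qualifier = term[0] if term[0] in "+-~?" else "+"
        mech = term.lstrip("+-~?")
        if mech.startswith(("ip4:", "ip6:")):
            result["networks"].append(ipaddress.ip_network(mech[4:], strict=False))
        elif mech.startswith("include:"):
            result["lookups"] += 1
            walk_spf(mech[len("include:"):], zone, result)
        elif mech == "all" and qualifier == "+":
            result["permissive"].append(name)  # anyone may send as this name
    return result


def authorized_address_count(result):
    """Distinct IPv4 addresses allowed to send, after merging overlapping
    and adjacent prefixes."""
    v4 = [n for n in result["networks"] if n.version == 4]
    return sum(n.num_addresses for n in ipaddress.collapse_addresses(v4))


def find_dangling_cnames(zone):
    """CNAMEs whose target has no records at all: takeover candidates for
    whoever registers the target name."""
    return [(name, rr["CNAME"]) for name, rr in zone.items()
            if "CNAME" in rr and rr["CNAME"] not in zone]


def audit(name, zone):
    """Summarise the SPF exposure of one domain."""
    r = walk_spf(name, zone)
    return {
        "includes": r["visited"][1:],
        "ipv4_addresses": authorized_address_count(r),
        "missing_includes": r["missing"],
        "permissive_policies": r["permissive"],
        "lookup_limit_exceeded": r["lookups"] > MAX_LOOKUPS,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(audit("brand.example", ZONE), indent=2))
    print("dangling CNAMEs:", find_dangling_cnames(ZONE))
```

To run this against live DNS, replace the ZONE lookups with TXT and CNAME queries and treat an include: target with no SPF record, or a CNAME target that returns NXDOMAIN, as a takeover candidate to be removed from the zone rather than left in place.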
keeps t