Dead domains under attack: how the SubdoMailing operation works

Teacher

VMware, eBay, and McAfee were among the brands unwittingly drawn into the phishing scandal.

In a large-scale phishing operation dubbed "SubdoMailing", uncovered by specialists at Guardio Labs, attackers took over more than 8,000 subdomains belonging to well-known brands and institutions, including eBay, VMware, McAfee, The Economist, Cornell University, CBS and Marvel. The researchers attribute the operation to a single threat actor whose broader aim is to trade on the reputation of the compromised organizations for profit.

SubdoMailing lets the attackers send millions of malicious emails a day that appear to originate from trusted domains and pass the standard checks a receiving SMTP server applies: SPF, DKIM and DMARC. What sets the campaign apart is the manipulation of DNS records of hijacked subdomains. Once a brand's subdomain resolves (via a CNAME) or its SPF record delegates (via an include: mechanism) to a domain the attacker has re-registered, the attacker's mail servers become "authorized" senders for that brand name as far as SPF is concerned, and DMARC's default relaxed alignment accepts the subdomain as part of the brand's organizational domain. The result is spam and malicious email sent on behalf of internationally recognized brands.

The scheme came to light after Guardio's email security systems flagged unusual patterns in the metadata of an email tied to a long-expired partnership between American TV host Martha Stewart and MSN.com. A closer look revealed a classic subdomain takeover: emails sent from certain IP addresses were being accepted by security systems as legitimate, because the brand's own DNS records vouched for them.

Guardio traced the domain "msnmarthastewartsweeps.com" back to a promotional campaign run 22 years ago. An msn.com subdomain still pointed at it, and the domain itself was re-registered through the registrar Namecheap in September 2022. It is now controlled by an attacker who can send email on behalf of msn.com.
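The two dangling-DNS patterns described above (a brand subdomain whose CNAME target has expired, and a brand SPF record whose include: points at an expired domain) can be checked offline. The following script is an added example written for this page; it is not Guardio's checker or any part of the reported campaign. The zone data, the domain names (example-brand.com, oldsweeps-campaign.example, spf.expired-vendor.example, mailer.example) and the list of registered domains are all constructed for the illustration.

```python
"""
Offline check for the two dangling-DNS patterns SubdoMailing abuses:
  1. a brand subdomain whose CNAME target is an expired, re-registrable domain;
  2. a brand SPF record whose include:/redirect= mechanisms point at an expired domain.
The zone data and registration list below are constructed for the example;
they are not a capture of any real brand's DNS.
"""
import re

# Constructed DNS snapshot: name -> {rrtype: [records]}. Names absent from the
# map have no records at all, i.e. their registration lapsed.
ZONE = {
    "promo.example-brand.com": {"CNAME": ["oldsweeps-campaign.example."]},
    "example-brand.com": {"TXT": [
        "v=spf1 ip4:192.0.2.0/24 include:_spf.mailer.example "
        "include:spf.expired-vendor.example -all"]},
    "_spf.mailer.example": {"TXT": ["v=spf1 ip4:198.51.100.0/24 -all"]},
    "_dmarc.example-brand.com": {"TXT": ["v=DMARC1; p=reject"]},  # aspf defaults to relaxed
}
# Constructed registration view: apex domains that currently have a registrant.
REGISTERED = {"example-brand.com", "mailer.example"}

# SPF mechanisms that make the evaluation trust another domain's DNS.
_MECH = re.compile(r"^[+\-~?]?(include|redirect|a|mx)[:=]([^/\s]+)", re.I)


def apex(name):
    """Registrable domain, naively taken as the two rightmost labels.
    Real tooling should use the Public Suffix List (co.uk etc.)."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])


def lookup(name, rrtype):
    return ZONE.get(name.lower().rstrip("."), {}).get(rrtype, [])


def spf_record(domain):
    for txt in lookup(domain, "TXT"):
        if txt.lower().startswith("v=spf1"):
            return txt
    return None


def spf_referenced_domains(domain, _seen=None):
    """Follow include:/redirect=/a:/mx: mechanisms recursively and return every
    domain whose DNS the SPF evaluation ends up trusting."""
    _seen = _seen if _seen is not None else set()
    refs = set()
    rec = spf_record(domain)
    if rec is None:
        return refs
    for term in rec.split()[1:]:
        m = _MECH.match(term)
        if not m:
            continue  # ip4:/ip6:/all carry no third-party domain reference
        target = m.group(2).lower().rstrip(".")
        refs.add(target)
        if m.group(1).lower() in ("include", "redirect") and target not in _seen:
            _seen.add(target)
            refs |= spf_referenced_domains(target, _seen)
    return refs


def find_dangling(brand, subdomains):
    """Return (kind, owner, target) for every DNS dependency that resolves to a
    domain nobody currently holds and that an attacker could simply register."""
    findings = []
    for sub in subdomains:
        for target in lookup(sub, "CNAME"):
            if apex(target) not in REGISTERED:
                findings.append(("cname", sub, target.rstrip(".")))
    for ref in sorted(spf_referenced_domains(brand)):
        if apex(ref) not in REGISTERED:
            findings.append(("spf", brand, ref))
    return findings


def dmarc_aligned(header_from, authenticated, mode="r"):
    """RFC 7489 identifier alignment: relaxed mode only requires the same
    registrable domain, which is why mail from a hijacked subdomain passes the
    parent's DMARC policy once SPF passes for that subdomain."""
    if mode == "s":
        return header_from.lower() == authenticated.lower()
    return apex(header_from) == apex(authenticated)


if __name__ == "__main__":
    for f in find_dangling("example-brand.com", ["promo.example-brand.com"]):
        print("DANGLING", *f)
    # Attacker registers oldsweeps-campaign.example, publishes SPF for it and
    # mails as promo@promo.example-brand.com: SPF passes on the hijacked name and
    # relaxed alignment carries it past example-brand.com's p=reject.
    print("DMARC aligned:", dmarc_aligned("promo.example-brand.com", "promo.example-brand.com"))
```

Both findings point at names that are not registered; setting a DMARC policy with `aspf=s` would stop the subdomain case from aligning, and removing stale include: entries closes the SPF case. In practice, replace `ZONE` with real resolver queries and `REGISTERED` with RDAP/WHOIS lookups.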

The group, which Guardio tracks under the name "ResurrecAds", resurrects "dead" domains associated with large brands and uses them as a backdoor into legitimate services and brand reputations in order to make a profit. It is well organized and technically capable, continuously scanning the Internet for forgotten subdomains of reputable brands to buy or compromise.

Given the scale of the abuse, Guardio Labs has set up a dedicated website with a SubdoMailing Checker tool that lets organizations check whether their abandoned domains were used in the operation. The tool reports known abuses, the type of takeover, the affected subdomains, and the SPF records that need attention.