SolarWinds Attackers Gear Up for Typosquatting Attacks

Published: 23/11/2024   Category: security




The same infrastructure traced back to Russian-speaking threat group Nobelium is being used to set up misspelled domain names, presaging impersonation attacks bent on credential harvesting, analysts say.



A typosquatting campaign intended to abuse popular brands is in the works, likely tied to Nobelium, the notorious Russian-state-backed group behind the SolarWinds attacks.
In its latest research, Recorded Future warns that the attackers are setting up their command-and-control (C2) servers on infrastructure similar to that known to be used by Nobelium.
This time, the group is preying on users who search online for specific brands and enter common spelling errors or typos in the URL. Those misspelled domain names are purchased by threat actors, who stand up spoofed sites to trick people into giving up their credentials, credit-card details, and more.
"A key factor we have observed from Nobelium operators involved in threat activity is a reliance on domains that emulate other brands (some legitimate and some that are likely fictitious businesses)," the Recorded Future team explained in their report. Domain registrations and typosquats can enable spearphishing campaigns or redirects that pose a threat to victim networks and brands.
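For brand owners, the practical countermeasure to misspelled-domain registrations is to screen newly observed domains (from registration feeds, DNS or proxy logs) against the domains they want to protect. The following is an added example, not code from the article or from Recorded Future; the brand and observed domains are constructed, and the function names are hypothetical.

```python
# Added example (not from the article). All domains are constructed samples.

def osa_distance(a, b):
    """Edit distance where insert, delete, substitute and adjacent swap cost 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # swapped neighbours
    return d[-1][-1]

def registrable(domain):
    """Return (label, tld) from the last two labels.
    Assumption: single-label TLDs only; multi-part suffixes need a PSL lookup."""
    parts = domain.strip().lower().rstrip(".").split(".")
    return (parts[-2], parts[-1]) if len(parts) >= 2 else (parts[0], "")

def find_typosquats(brands, observed, max_distance=1):
    """Return (observed, brand, reason) for domains that imitate a protected brand."""
    protected = [registrable(b) for b in brands]
    hits = []
    for dom in observed:
        label, tld = registrable(dom)
        if (label, tld) in protected:
            continue  # the brand's own domain or one of its subdomains
        for b_label, b_tld in protected:
            dist = osa_distance(label, b_label)
            if dist == 0:
                hits.append((dom, f"{b_label}.{b_tld}", "tld-swap"))
            elif dist <= max_distance:
                hits.append((dom, f"{b_label}.{b_tld}", "typo"))
    return hits

BRANDS = ["examplebank.com", "contoso.com"]  # constructed protected brands
OBSERVED = ["examplebank.com", "exmaplebank.com", "examplebnk.com",
            "examplebank.net", "login.examplebank.com", "contosso.com",
            "unrelated.org"]  # constructed feed of observed domains

if __name__ == "__main__":
    for hit in find_typosquats(BRANDS, OBSERVED):
        print(hit)
```

Short brand labels produce many near matches at distance 1, so hits are best treated as candidates for review rather than as verdicts.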
