Domain shadowing threat

Palo Alto’s Unit 42 security team has a report out on “domain shadowing,” a technique in which a threat actor gains access to a domain’s DNS records and uses that access to create subdomains, without the owner’s knowledge, on which they host malicious content. The company said it’s currently detecting 12,197 domains that have been “shadowed” and have subdomains hosting malware or other malicious content.

Unit 42 researchers spotted 12,197 cases of domain shadowing between April and June. The phishing campaign compromised 16 domains to build 649 subdomains.
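Because shadowed subdomains are created without the owner's knowledge, one defensive check a domain owner can run is to compare an export of the zone against their own inventory. The following is an added example, not code from Unit 42 or its report; the zone contents, the `example.com` names, the inventory and the owned network range are all constructed assumptions.

```python
import ipaddress

# Constructed sample: a zone export for the placeholder domain example.com.
ZONE_EXPORT = """\
example.com.              3600 IN A     192.0.2.10
www.example.com.          3600 IN A     192.0.2.10
mail.example.com.         3600 IN A     192.0.2.25
login-secure.example.com. 300  IN A     203.0.113.77
cdn7.example.com.         300  IN CNAME host.invalid.
"""

# Assumed inventory maintained by the domain owner (hypothetical values).
APPROVED_NAMES = {"example.com.", "www.example.com.", "mail.example.com."}
OWNED_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]


def parse_zone(text):
    """Yield (name, rtype, value) from 'name ttl IN type value' lines."""
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue
        yield fields[0].lower(), fields[3].upper(), " ".join(fields[4:])


def audit_zone(text, approved, owned_networks):
    """Return findings for records the owner's inventory does not account for."""
    findings = []
    for name, rtype, value in parse_zone(text):
        reasons = []
        if name not in approved:
            reasons.append("name not in inventory")
        if rtype in ("A", "AAAA"):
            addr = ipaddress.ip_address(value)
            if not any(addr in net for net in owned_networks):
                reasons.append("address outside owned networks")
        if reasons:
            findings.append((name, rtype, value, reasons))
    return findings


if __name__ == "__main__":
    for name, rtype, value, reasons in audit_zone(
            ZONE_EXPORT, APPROVED_NAMES, OWNED_NETWORKS):
        print(f"{name} {rtype} {value}: {', '.join(reasons)}")
```

Run against a regularly scheduled export from the DNS provider, any finding is a record to trace back to a change request or to treat as a sign that the DNS account has been accessed by someone else.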


