IT Brief Australia - Technology news for CIOs & IT decision-makers

Infoblox uncovers cyber threats exploiting domain spoofing

Today

Research from Infoblox has provided new insights into the exploitation of spoofed domains within modern malicious spam (malspam) campaigns.

These campaigns involve sending unsolicited emails containing harmful attachments or links, which aim to infect computers with malware or extract sensitive information. Despite existing security measures, threat actors continue to use domain spoofing as a method to bypass these controls.

Infoblox's 2024 research identified a threat actor it named Muddling Meerkat, notable for unusual DNS operations carried out through China's Great Firewall. Following that disclosure, data shared by several contributors allowed Infoblox to expose multiple malspam campaigns using similar techniques, which it grouped under the label Muddling Malspam.

The research shows how threat actors exploit domain spoofing and how widespread the technique remains. Much of the evidence was gathered after the initial Muddling Meerkat publication, when individuals who had observed the same behaviour in their own DNS and mail data shared it with the researchers. Infoblox points to this as an example of how collaboration across the security community improves detection and mitigation.

Domain spoofing means forging the sender address of an email so that it appears to come from a legitimate source. The actors in these campaigns spoof old or neglected domains: many filters treat a long-registered sender domain as low risk and reserve their scrutiny for newly registered ones, so mail "from" a domain registered years ago passes an age-based check. Spoofing succeeds where the spoofed domain publishes no enforcing sender policy (no SPF record, or no DMARC policy stronger than p=none), since nothing then tells the receiving server to reject mail that fails authentication. Despite the many protections that exist against spam and spoofing, Infoblox's data shows spoofing remains common.
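The following is an added example, not code from the Infoblox research or from this article. It models the receiving side of the problem described above: a mail filter that scores sender-domain age accepts a message spoofing a domain registered years ago, and only a DMARC policy of quarantine or reject on the spoofed domain changes the outcome. The domains, TXT records and registration dates are constructed for illustration, and the organizational-domain lookup is simplified (a real implementation consults the Public Suffix List).

```python
"""
Added example (not from the Infoblox report): receiver-side DMARC evaluation
(RFC 7489) on constructed DNS data, beside the weak "old domain is trusted"
heuristic that spoofers of neglected domains rely on.
"""
from datetime import date
from typing import Dict, List, Optional

# Constructed TXT records for hypothetical domains (no real DNS lookups).
# "old-neglected.example" deliberately has no _dmarc record at all.
TXT_RECORDS: Dict[str, str] = {
    "_dmarc.old-mon.example": "v=DMARC1; p=none; sp=quarantine; rua=mailto:dmarc@old-mon.example",
    "_dmarc.protected.example": "v=DMARC1; p=reject; adkim=s; aspf=s",
}

# Constructed registration dates for the same hypothetical domains.
CREATED: Dict[str, date] = {
    "old-neglected.example": date(2009, 3, 14),
    "old-mon.example": date(2011, 7, 2),
    "protected.example": date(2012, 1, 9),
    "fresh-rdga.example": date(2024, 9, 20),
}

TODAY = date(2024, 10, 1)  # constructed evaluation date


def org_domain(fqdn: str) -> str:
    """Organizational domain, simplified to the last two labels (assumption:
    a real implementation must use the Public Suffix List)."""
    return ".".join(fqdn.lower().rstrip(".").split(".")[-2:])


def parse_dmarc(record: str) -> Dict[str, str]:
    """Split 'tag=value; tag=value' into a dict with lower-cased tag names."""
    tags: Dict[str, str] = {}
    for part in record.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def lookup_dmarc(from_domain: str) -> Optional[Dict[str, str]]:
    """Policy discovery: exact From domain first, then its organizational domain."""
    for candidate in (from_domain, org_domain(from_domain)):
        record = TXT_RECORDS.get(f"_dmarc.{candidate}")
        if record and record.startswith("v=DMARC1"):
            return parse_dmarc(record)
    return None


def aligned(auth_domain: Optional[str], from_domain: str, mode: str) -> bool:
    """Identifier alignment: strict ('s') needs an exact match, relaxed ('r')
    accepts the same organizational domain."""
    if not auth_domain:
        return False
    if mode == "s":
        return auth_domain.lower() == from_domain.lower()
    return org_domain(auth_domain) == org_domain(from_domain)


def dmarc_disposition(from_domain: str, spf_pass_domain: Optional[str],
                      dkim_pass_domains: List[str]) -> str:
    """'pass' when an authenticated identifier aligns with the From domain;
    otherwise the published disposition ('none', 'quarantine', 'reject'),
    or 'no-policy' when the domain publishes no DMARC record."""
    policy = lookup_dmarc(from_domain)
    if policy is None:
        return "no-policy"
    spf_ok = aligned(spf_pass_domain, from_domain, policy.get("aspf", "r"))
    dkim_ok = any(aligned(d, from_domain, policy.get("adkim", "r")) for d in dkim_pass_domains)
    if spf_ok or dkim_ok:
        return "pass"
    # sp= governs subdomains of the organizational domain when present.
    if from_domain.lower() != org_domain(from_domain) and "sp" in policy:
        return policy["sp"]
    return policy.get("p", "none")


def age_filter_accepts(domain: str, today: date = TODAY, min_age_days: int = 30) -> bool:
    """The weak heuristic: trust any sender domain older than min_age_days."""
    created = CREATED.get(org_domain(domain))
    return created is not None and (today - created).days >= min_age_days


def delivered(from_domain: str, spf_pass_domain: Optional[str], today: date = TODAY) -> bool:
    """Receiver that combines the age heuristic with DMARC enforcement: mail is
    delivered unless it is young or DMARC says quarantine/reject."""
    disposition = dmarc_disposition(from_domain, spf_pass_domain, [])
    return age_filter_accepts(from_domain, today) and disposition in ("pass", "none", "no-policy")


if __name__ == "__main__":
    # Spoofed From domains, SPF passing only for the attacker's own sending host.
    for spoofed in ("old-neglected.example", "old-mon.example", "protected.example", "fresh-rdga.example"):
        print(spoofed, dmarc_disposition(spoofed, "attacker-mta.example", []),
              "delivered" if delivered(spoofed, "attacker-mta.example") else "blocked")
```

Run as written, the old domain with no DMARC record and the one published at p=none are both delivered even though SPF passed only for the attacker's own host; the newly registered domain is blocked by the age heuristic alone, and only the domain at p=reject is blocked because of its policy. That is the gap the spoofed-domain campaigns sit in.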

The research also identified QR code phishing campaigns targeting individuals in greater China. These campaigns embed QR codes in email attachments that lead victims to phishing sites, and they rely on registered domain generation algorithms (RDGAs), in which the actor algorithmically generates and actually registers large numbers of short-lived domains rather than merely generating candidate names as a classic DGA does.

Japanese phishing campaigns were also highlighted, impersonating well-known brands such as Amazon and SMBC, a major Japanese bank. These operations use traffic distribution systems (TDS) to route only visitors who meet the actor's criteria to counterfeit login pages, while sending everyone else, including security researchers and automated scanners, elsewhere to avoid detection.

Another trend is in extortion campaigns, in which the sender claims the recipient's device has been compromised and demands a Bitcoin payment to withhold supposedly embarrassing material. Here the attackers add credibility to the claim by spoofing the recipient's own email address as the sender, so the message appears to come from the "compromised" account itself.

Researchers also encountered a puzzling operation attributed to "Shanghai Yakai", purportedly a Chinese freight company. It sends innocuous Excel attachments with no apparent purpose, producing a spam campaign with no discernible call to action.

The persistence and evolution of these campaigns underscore the ever-present nature of cyber threats and the need for active collaboration in the cybersecurity community to pre-empt and neutralise these tactics.
