DomainTools https://www.domaintools.com/authors/domaintools-research Innovative, Practical Advice to Improve your Cybersecurity Posture

<![CDATA[ Hostile Takeover: A History of Evil Corp after a Leader is named by Law Enforcement ]]> https://www.domaintools.com/resources/blog/a-history-of-evil-corp-new-leader-named-by-law-enforcement/ Tue, 01 Oct 2024 14:24:34 +0000 48 DomainTools Research https://www.domaintools.com/?p=31035 tl;dr The threat group known as Evil Corp has shown resilience as they continue to iterate and regroup in an effort to evade sanctions. Today, the National Crime Agency (NCA) named another member of the infamous group, Alexsandr Rhyzenkov, as the leader’s right-hand man. In addition to this news, […]

<![CDATA[ The Resurgence of the “Manipulaters” Team - Breaking HeartSenders ]]> https://www.domaintools.com/resources/blog/the-resurgence-of-the-manipulaters-team-breaking-heartsenders/ Fri, 31 Jan 2025 13:00:00 +0000 54 DomainTools Research https://www.domaintools.com/?p=29435 The Pakistan-based “Manipulaters” (their corruption of the word “manipulators”) represent a notorious and, in some respects, pioneering cybercrime empire. The Manipulaters have a decade-long history of selling phishing kits, spamming services, and malware. This history spans dozens of cybercrime marketplaces and the malicious domains associated with them are measured in the tens of thousands. The […]

<![CDATA[ Merry Phishmas: Beware US Postal Service Phishing During the Holidays ]]> https://www.domaintools.com/resources/blog/merry-phishmas-beware-us-postal-service-phishing-during-the-holidays/ Thu, 07 Dec 2023 16:55:35 +0000 54 DomainTools Research https://www.domaintools.com/?p=27269 For Cybercriminals, the Season of Giving is a Season for Taking. Special note: A podcast is available on this topic; you can tune in below. With the holiday season approaching, DomainTools urges the public to exercise increased caution and remain vigilant against the threat of US Postal Service-themed (USPS) package redelivery phishing attacks. DomainTools is […]

<![CDATA[ Return to Sender - A Brief Analysis of a US Postal Service Smishing Campaign ]]> https://www.domaintools.com/resources/blog/return-to-sender-a-brief-analysis-of-a-us-postal-service-smishing-campaign/ Thu, 28 Sep 2023 15:44:14 +0000 54 DomainTools Research https://www.domaintools.com/?p=26101 In recent weeks there has been a noticeable uptick in campaigns targeting the US Postal Service (USPS) as an institution, even in the usual deluge of phishing and smishing emails and text messages. The volume of these reaching our families and co-workers within a period of weeks piqued our natural curiosity to dig into it […]

<![CDATA[ The Most Prolific Ransomware Families: 2023 Edition ]]> https://www.domaintools.com/resources/blog/the-most-prolific-ransomware-families-2023-edition/ Mon, 23 Dec 2024 15:37:00 +0000 54 DomainTools Research https://www.domaintools.com/?p=23940 The ransomware landscape has changed significantly since our last post, in which we identified the most prevalent cybercrime groups of the time and examined the industries most impacted by their activity. Our previous post came on the heels of a series of high-profile ransomware events, and as such we reviewed the activity of the top […]

<![CDATA[ Update: Financial Advisor Impersonation Ring Targets FINRA ]]> https://www.domaintools.com/resources/blog/update-financial-advisor-impersonation-ring-targets-finra/ Thu, 09 Mar 2023 16:48:43 +0000 54 DomainTools Research https://www.domaintools.com/?p=22603 Escalation in Financial Advisor Impersonation Tactics DomainTools Research continues to track a well-organized financial advisor impersonation campaign with close ties to West Africa which was first shared in January. Notably, this financial advisor impersonation fraud ring now attempts to impersonate the Financial Industry Regulatory Authority (FINRA), an independent financial regulator that provides essential support to […]

<![CDATA[ No Blocking, No Issue: The Curious Ecosystem of Financial Advisor Impersonation Scams ]]> https://www.domaintools.com/resources/blog/no-blocking-no-issue-the-curious-ecosystem-of-financial-advisor-impersonation-scams/ Thu, 26 Jan 2023 16:52:45 +0000 54 DomainTools Research https://www.domaintools.com/?p=21388 Introduction An increasingly common and highly effective fraud technique known as “pig butchering” uses a complex web of social engineering techniques to defraud victims. These scams rely on slowly building trust with a target–often under the guise of a financial advisor or successful investor–in order to convince targets to invest in a scam, such as […]

<![CDATA[ Purpose Built Criminal Proxy Services and the Malicious Activity They Enable ]]> https://www.domaintools.com/resources/blog/purpose-built-criminal-proxy-services-and-the-malicious-activity-they-enable/ Thu, 01 Dec 2022 16:40:13 +0000 54 DomainTools Research https://www.domaintools.com/?p=19427 Obfuscation of Malicious Behavior It is both natural and expected that industries grow, evolve, and increase their sophistication, and cybercriminal activity is unfortunately no exception. As defender techniques change, so must a bad actor’s, and the services that support them become an important subject of consideration and understanding. Whether it is “crypter” services that help […]

<![CDATA[ Crypto Winter: Fraudsters Impersonate Ukraine’s Government to Steal NFTs and Cryptocurrency ]]> https://www.domaintools.com/resources/blog/fraudsters-impersonate-ukraines-government-stealing-nfts-crypto/ Thu, 08 Dec 2022 16:49:27 +0000 54 DomainTools Research https://www.domaintools.com/?p=19890 Introduction With winter approaching and Ukraine’s critical infrastructure repeatedly targeted by Russian missiles, impersonating a sovereign nation fighting for its survival to collect fraudulent donations from well-meaning people is objectionable but ultimately unsurprising. Donation estimates were near $1 billion in USD as of April and a specific note that cryptocurrency donations were given to Ukraine, […]

<![CDATA[ Crypto Phishing and Credential Stealer Footprint Continues to Expand ]]> https://www.domaintools.com/resources/blog/crypto-phishing-and-credential-stealer-footprint-continues-to-expand/ Tue, 25 Oct 2022 20:01:24 +0000 48 DomainTools Research https://www.domaintools.com/?p=15540 DomainTools Research Uncovers Additional Infrastructure Related to Recent Malware Campaigns Targeting Windows & Android Users. Recent posts related to a typosquatting malware campaign targeting Windows and Android users (as well as a host of cryptocurrency and other services) caught our attention, and we felt it was important to contribute to the effort in identifying and […]
