SolarWinds Attackers Gear Up for Typosquatting Attacks
The same infrastructure traced back to Russian-speaking threat group Nobelium is being used to set up misspelled domain names, presaging impersonation attacks bent on credential harvesting, analysts say.
A typosquatting campaign intended to abuse popular brands is in the works, likely tied to Nobelium, the notorious Russian-state-backed group behind the SolarWinds attacks.
Recorded Future in its latest research is warning that the attackers are using infrastructure similar to that known to be used by Nobelium, to set up their command-and-control (C2) servers.
This time, the group is preying on users looking online for specific brands who enter common spelling errors or "typos" in the URL. Those misspelled domain names are purchased by threat actors, who stand up spoofed sites to trick people into giving up their credentials, credit-card details, and more.
"A key factor we have observed from Nobelium operators involved in threat activity is a reliance on domains that emulate other brands (some legitimate and some that are likely fictitious businesses)," the Recorded Future team explained in their report. "Domain registrations and typosquats can enable spearphishing campaigns or redirects that pose a threat to victim networks and brands."
About the Author(s)
You May Also Like
Why Effective Asset Management is Critical to Enterprise Cybersecurity
May 21, 2024Finding Your Way on the Path to Zero Trust
May 22, 2024Extending Access Management: Securing Access for all Identities, Devices, and Applications
June 4, 2024Assessing Software Supply Chain Risk
June 6, 2024Preventing Attackers From Wandering Through Your Enterprise Infrastructure
June 19, 2024
Black Hat USA - August 3-8 - Learn More
August 3, 2024Cybersecurity's Hottest New Technologies: What You Need To Know
March 21, 2024