Commentary followed by links to cybersecurity articles that caught our interest internally.| DomainTools Investigations | DTI
Ian Campbell's recap of DTI's participation at BSides NoVa
A deep dive into the 4-stage NPM phishing attack flow that led to high-profile repository account takeover. Protect your development security. The post SecuritySnack: Repo The Repo - NPM Phishing appeared first on DomainTools Investigations | DTI.
A massive crypto wallet-drain conspiracy links fake trading sites to a single criminal IP address. See our investigative deep dive into how these orchestrated scams are draining user funds. The post Inside a Crypto Scam Nexus appeared first on DomainTools Investigations | DTI.
Starting in September 2024, a financially motivated cluster of more than 80 spoofed domain names and lure websites began targeting users with fake applications and websites themed as government tax sites, consumer banking, age 18+ social media content, and Windows assistant applications. The actor used these spoofed domains to deliver Android and Windows trojans, likely for the purpose of stealing credentials, or more overtly through the use of fake login pages. The post SecuritySnack: 18+E-Cri...
My team has been on a tear this month: we've published new research on Salt Typhoon, an advanced Chinese APT, and we've analyzed the massive Kimsuky leak, giving us a rare look into a North Korean threat actor's playbook. We also identified new activity from the PoisonSeed e-crime group, and uncovered a banking trojan targeting Android users in Southeast Asia. Let's get you up to speed! The post Newsletter Number 9, Keep On Movin' Down The Line appeared first on DomainTools Investigations |...
Commentary followed by links to cybersecurity articles that caught our interest internally. The post Cybersecurity Reading List - Week of 2025-09-29 appeared first on DomainTools Investigations | DTI.
Salt Typhoon is a Chinese state-sponsored cyber threat group aligned with the Ministry of State Security (MSS), specializing in long-term espionage operations targeting global telecommunications infrastructure. Active since at least 2019, Salt Typhoon has demonstrated advanced capabilities in exploiting network edge devices, establishing deep persistence, and harvesting sensitive communications metadata, VoIP configurations, lawful intercept data, and subscriber profiles from telecom provider...
A group has been targeting Indonesian and Vietnamese Android users with banking trojans disguised as legitimate payment and government identity applications. The operators exhibit distinct domain registration patterns, often reusing TLS certificates and grouping domains to resolve to the same IP addresses, with a strong operational focus during Eastern Asia's daytime hours. The post Banker Trojan Targeting Indonesian and Vietnamese Android Users appeared first on DomainTools Investigations | ...
DomainTools Investigations identified a set of malicious domains registered since 01 June 2025 likely linked to the ecrime actor publicly known as PoisonSeed. These domains primarily spoof the email platform SendGrid and are likely attempting to compromise enterprise credentials of SendGrid customers. They display fake Cloudflare CAPTCHA interstitials to add legitimacy to malicious domains before […] The post Newly Identified Domains Likely Linked to Continued Activity from PoisonSeed E-Cri...
If you are a returning reader, welcome back! If you are a new reader, what you are about to read is news from our group of researchers and analysts, where they provide their expertise in investigating, mitigating, and preventing Domain and DNS based attacks. So without further ado, here's what our incredible team has been up to for the rest of August.
Community
Because it's always DNS, we wanted to share this fun finding of malware stored across DNS TXT records.