top of page
Search
Writer's pictureStormsec

Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime

Cybercriminals compromise domain names to attack the owners or users of the domains directly, or use them for various nefarious endeavors, including phishing, malware distribution, and command and control (C2) operations. A special case of DNS hijacking is called domain shadowing, where attackers stealthily create malicious subdomains under compromised domain names.




ATT&CK IDS: T1566 - Phishing, T1113 - Screen Capture, T1218 - Signed Binary Proxy Execution, T1090 - Proxy, T1003 - OS Credential Dumping


Read More:

5 views

댓글


댓글 작성이 차단되었습니다.
bottom of page