Domain Shadowing: A Stealthy Use of DNS Compromise for Cybercrime



Executive Summary

Cybercriminals compromise domain names to attack the owners or users of the domains directly, or use them for various nefarious endeavors, including phishing, malware distribution, and command and control (C2) operations. A special case of DNS hijacking is called domain shadowing, where attackers stealthily create malicious subdomains under compromised domain names. Shadowed domains do not affect the normal operation of the compr…
