A malicious lookalike domain for Scotiabank Canada, scotiabankcanada-auth[.]com, was recently registered on 5/5/2024. This domain features a landing page with a reCAPTCHA that changes languages depending on the user's geolocation. It resolves to a Russian IP, 141[.]8[.]193[.]14, hosting a number of other malicious lookalikes for Scotiabank, the Royal Bank of Canada, and Telus Mobility. These domains appear to be used for phishing. auth-scotiaonline-scotiabank-secure[.]com previously resolved to a page imitating the Scotiabank login page shown in the screenshot below.
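Added example (not Infoblox's code) of how a defender might triage newly seen domains like the ones in the post above: refang the defanged indicators, score each name on brand keyword plus lure tokens, and pivot on the shared hosting IP. The two domains and the IP come from the post; the `.example` entries, the brand map and the lure-token list are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample records in the defanged form used in threat-intel posts:
# the two domains and the IP from the post above, plus clearly labelled
# constructed entries (reserved .example TLD) to show the co-hosting pivot.
DNS_RECORDS = [
    ("scotiabankcanada-auth[.]com", "141[.]8[.]193[.]14"),                # from the post
    ("auth-scotiaonline-scotiabank-secure[.]com", "141[.]8[.]193[.]14"),  # from the post
    ("telus-mobility-login.example", "141[.]8[.]193[.]14"),               # constructed
    ("weather-widget.example", "203.0.113.7"),                            # constructed, benign
]

# Constructed keyword lists; a real deployment would use the brands you protect.
BRANDS = {"scotiabank": "Scotiabank", "scotia": "Scotiabank", "rbc": "Royal Bank of Canada", "telus": "Telus"}
LURE_TOKENS = {"auth", "secure", "login", "online", "verify", "account"}

def refang(indicator: str) -> str:
    """Turn a defanged indicator ('[.]', 'hxxp') back into its real form."""
    return indicator.replace("[.]", ".").replace("hxxp", "http")

def lookalike_score(domain: str) -> tuple[int, list[str]]:
    """Score a registrable domain: brand keyword present plus lure tokens.
    Returns (score, reasons); score 0 means no brand keyword matched."""
    name = refang(domain).lower().rsplit(".", 1)[0]  # drop the TLD
    hits = [b for b in BRANDS if b in name]
    if not hits:
        return 0, []
    reasons = [f"brand:{BRANDS[hits[0]]}"]
    tokens = set(re.split(r"[-.]", name))
    lures = sorted(LURE_TOKENS & tokens)
    reasons += [f"lure:{t}" for t in lures]
    return 1 + len(lures), reasons

def cohosted_lookalikes(records, min_score=2):
    """Group flagged domains by resolving IP; one IP serving lookalikes for
    several brands is the kind of cluster the post describes."""
    by_ip = defaultdict(list)
    for domain, ip in records:
        score, reasons = lookalike_score(domain)
        if score >= min_score:
            by_ip[refang(ip)].append((refang(domain), score, reasons))
    return {ip: doms for ip, doms in by_ip.items() if len(doms) > 1}

if __name__ == "__main__":
    for ip, doms in cohosted_lookalikes(DNS_RECORDS).items():
        print(ip)
        for d, s, r in doms:
            print(f"  {d}  score={s}  {', '.join(r)}")
```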
CISA has sounded the alarm about Chinese prepositioning activities in critical infrastructure. We uncovered an ongoing Chinese nation-state DNS operation that is alarming in how perplexing it is. Muddling Meerkat can control the Great Firewall and is probing DNS infrastructure worldwide. When you find malware in a network, you can usually figure out what it is doing -- but a DNS attack is often a puzzle with missing pieces.
Hi. This is Renée, the head of Infoblox Threat Intel (@knitcode). A few of my researchers and I are sharing this Mastodon account. Our plan is to toot about suspicious and malicious activity in DNS. Our team tends to write very in-depth papers and wants to use Mastodon to complement that with nuggets we've seen, updates on the DNS threat actors or TTPs we are seeing, and articles we are reading. Here goes! #dns #threatintel #malware #phishing #cybersecurity #infosec #infoblox #introduction