🔴 A threat isn't much of a threat if it can't reach the right victims. 📦 That's why many modern threat actors rely on cloakers and traffic distribution systems (TDS) to target, route, and hide at scale. In a six‑month joint effort analyzing four months of data with Confiant, we identified 15,500 domains configured to Keitaro instances and actively used in cyber campaigns. Keitaro is a legitimate ad tracker, but it is frequently misused by cybercriminals as an all‑in‑one tracker + TDS + cloaker in scam and malware campaigns. We encounter Keitaro in our investigations nearly every day, and we set out to quantify that abuse in the broader landscape. We're publishing a three‑part series to share what we learned. Part 1 focuses on a subset of actors who leverage AI in their operations, most of whom are tied to investment scams. At the end of the report, you'll find a link to our github repository that contains thousands of related Keitaro iocs.

https://www.infoblox.com/blog/threat-intelligence/inside-keitaro-abuse-a-persistent-stream-of-ai-driven-investment-scams/

#dns #threatintel #threatintelligence #cybercrime #cybersecurity #infosec #infoblox #infobloxthreatintel #scam #ai #keitaro #adtech #tds #trafficdistributionsystem #cloaker #cloaking #landscape #malvertising

After three years of relentless tracking, we’ve published a [paper](https://blogs.infoblox.com/threat-intelligence/vextrios-origin-story-from-spam-to-scam-to-adtech/) that, for the first time, exposes the true identities behind VexTrio. This research connects real names to the various companies that form the VexTrio ecosystem. It begins with the origin story—how a group of Italians launched a successful spam and dating business. Over time, VexTrio expanded its operations into malicious adtech and online scams. For over a decade, the group employed deceptive tactics to defraud countless innocent internet users. These illegitimate gains funded the extravagant lifestyles of VexTrio’s key figures—who, despite increasing scrutiny, have yet to be fully stopped.

We’re deeply grateful to all the contributors who helped us reach this research milestone, especially @rmceoin and Tord from [Qurium](https://www.qurium.org/).

#dns #threatintel #threatintelligence #cybercrime #cybersecurity #infosec #infoblox #infobloxthreatintel #adtech #maliciousadtech #advertising #affiliates #scam #notifications #pushnotifications #tds #trafficdistributionsystem #spam #italy #russia #belarus #dating #clickallow