New from me: Cybercriminals use traffic distribution systems to hijack web traffic and send it to malicious domains, supplying threat actors with steady streams of victims for malware, scams and exploit kits. Here's a long look at one TDS called Keitaro. https://www.techtarget.com/searchsecurity/feature/Why-the-Keitaro-TDS-keeps-causing-security-headaches
Why the Keitaro TDS keeps causing security headaches | TechTarget

Security vendors refer to Keitaro as a legitimate entity, but the company's TDS keeps getting flagged in threat reports.
Most TDSes used by cybercriminals – BlackTDS, Prometheus, Parrot, 404 – are underground/black market tools. #KeitaroTDS is different. It's a commercial offering from a software company in Estonia that is viewed as legitimate by vendors like Microsoft.
I started looking into Keitaro in late 2022 and found the TDS has been leveraged by cybercriminals for many years. Most recently, malicious activity has included campaigns for Royal ransomware, IcedID, SocGholish and other threats. https://www.microsoft.com/en-us/security/blog/2022/11/17/dev-0569-finds-new-ways-to-deliver-royal-ransomware-various-payloads/
DEV-0569 finds new ways to deliver Royal ransomware, various payloads | Microsoft Security Blog

DEV-0569’s recent activity shows their reliance on malvertising and phishing in delivering malicious payloads. The group’s changes and updates in delivery and payload led to distribution of info stealers and Royal ransomware.
I had a long email conversation with Keitaro, which told me it's "on the side of the law" and does everything in its power to prevent abuse of its product. But some researchers and threat analysts aren't so sure.
In addition to concerning trends documented by cybersecurity vendors, I discovered some red flags around Keitaro. And when I asked the company about them, Keitaro's responses went from mostly cordial to quite confrontational.
Here's a deep dive into the history of the #KeitaroTDS, the malicious activity that's been documented over the course of about a decade, and the company's explanations for the extensive abuse of its product. https://www.techtarget.com/searchsecurity/feature/Why-the-Keitaro-TDS-keeps-causing-security-headaches