ICYMI: DomainTools Investigations released new research this week!

Skeleton Spider (aka FIN6) is leveraging trusted cloud services like AWS to deliver malware through fake job applications and resume-themed phishing campaigns.

🔍 Learn how this financially motivated group is:

🔹Exploiting cloud infrastructure to evade detection
🔹Using social engineering to lure victims
🔹Building resilient, scalable malware delivery systems

Read the full analysis here: https://dti.domaintools.com/skeleton-spider-trusted-cloud-malware-delivery/?utm_source=Mastodon&utm_medium=Social&utm_campaign=Skeleton-Spider

#CyberSecurity #ThreatIntelligence #Malware #CloudSecurity #Phishing #FIN6 #SkeletonSpider #InfoSec

Cybercrime group FIN6 (aka Skeleton Spider) is leveraging trusted cloud services like AWS to deliver malware through fake job applications.

Our latest analysis breaks down:
🔹 How attackers use LinkedIn & Indeed to build trust
🔹 The use of resume-themed phishing lures
🔹 Cloud-hosted infrastructure that evades detection
🔹 The delivery of the More_eggs backdoor via .LNK files
🔹 Key defense strategies for recruiters and security teams

This campaign is a masterclass in low-complexity, high-evasion phishing

📖 Read the full breakdown: https://dti.domaintools.com/skeleton-spider-trusted-cloud-malware-delivery/?utm_source=Mastodon&utm_medium=Social&utm_campaign=Skeleton-Spider

#CyberSecurity #ThreatIntel #FIN6 #Phishing #CloudSecurity #MalwareAnalysis #InfoSec #SkeletonSpider

ICYMI, yesterday my @DomainTools boss/CISO @danonsecurity co-spoke with Jon DiMaggio at SLEUTHCON on the human realities of the Russian-affiliated ransomware landscape and how it should inform and evolve our investigative and disruption efforts.

Accompanying blogpost ncludes some neat graphics, including intricate maps of overlap.

#infosec #cybersecurity #threatintel #ransomware

https://dti.domaintools.com/mapping-hidden-alliances-russian-affiliated-ransomware/

I had the opportunity to sit down with former DTer, Joe Slowik at #RSAC to talk about suspicious domains.

Here are some of the key takeaways from our conversation:

🔹 Joe shared how attackers are playing the long game—like in the SolarWinds attack, where a fake AWS domain sat dormant for nearly a decade.
🔹 From aged domains to hijacked home routers, adversaries are evolving. And groups like Volt Typhoon are targeting U.S. critical infrastructure with chilling precision.
🔹 It’s time to rethink defense—beyond tools, toward resilient architecture and even manual fallbacks.

Listen to the podcast here: https://podcasts.apple.com/us/podcast/breaking-badness/id1456143419?i=1000711183082

In this week's episode of the Breaking Badness Cybersecurity Podcast we delve into the critical role of domains in modern cyber attacks. From sophisticated
nation-state operations to AI-powered phishing kits and malicious browser extensions, domains are the foundational infrastructure for threat actors.

Host @NotTheLinux is joined by four leading cybersecurity experts Joe Slowik, Robert Duncan, John Fokker and Vivek Ramachandran to break down how domains are weaponized and what organizations can do to defend themselves on this ever-evolving frontline.

Listen wherever you get your podcasts:

Apple: https://podcasts.apple.com/us/podcast/beyond-the-perimeter-how-attackers-use-domains/id1456143419?i=1000711183082

Spotify: https://open.spotify.com/episode/0trcyZliGZuEj591IVnZCu

YouTube: https://www.youtube.com/watch?v=CpcJXpWwfQo

Web: https://www.domaintools.com/resources/podcasts/how-attackers-use-domains-phishing-ai-and-how-to-fight-back/?utm_source=Mastodon&utm_medium=Social&utm_campaign=RSAC-Domains