DomainTools

837 Followers · 167 Following · 593 Posts
A global leader for internet #intel that enables security practitioners to proactively defend their organization in a constantly evolving threat landscape.
Website: www.domaintools.com
Twitter: https://twitter.com/DomainTools
Podcast: https://www.domaintools.com/resources/podcasts/
DomainTools is coming to #BlackHatUSA in Las Vegas, August 1-6!🎩
🗓️Book a time to meet with our team! https://www.domaintools.com/events/black-hat-usa?utm_campaign=bh2026&utm_medium=social&utm_source=mastadon
DomainTools | Black Hat USA

💬Coming for the Communications Layer

Russian threat actors are bypassing EDR to hijack SOHO routers, bend DNS, and phish Signal/WhatsApp for quiet, long-term espionage.
Read the full technical breakdown & MITRE mapping: https://dti.domaintools.com/research/threat-intelligence-report-russia-router-dns-and-messaging-layer-collection-operations
#Infosec #Cybersecurity #DNS

DomainTools Investigations | Threat Intelligence Report: Russia, Router, DNS, and Messaging-Layer Collection Operations

New research exposes Russian GRU (APT28) cyber operations using router compromise, DNS hijacking, and Signal/WhatsApp phishing for long-term espionage.

👔We’ve analyzed a highly sophisticated Adversary-in-the-Middle (AiTM) phishing kit targeting Microsoft 365 & Entra ID. Active since Dec 2025, it smoothly bypasses traditional MFA (SMS, TOTP, Push). Read the investigation here: http://dti.domaintools.com/securitysnacks/securitysnack-hijacking-corporate-sessions
#Cybersecurity #MFA #InfoSec
DomainTools Investigations | SecuritySnack - Hijacking Corporate Sessions

DomainTools dissects an AiTM phishing kit targeting Microsoft 365/Entra ID: CAPTCHA cloaking, corporate email harvest, and MFA-bypassing cookie theft.

The DomainTools team is at #SLEUTHCON! Stop by our booth to say hi and grab a "Zero Day" t-shirt (and no, we won't make a sales pitch before you can get a shirt)! #Cybersecurity #SLEUTHCON #InfoSec #Cybercrime
This Friday, we'll be at #SLEUTHCON! Stop by our booth to say hi and enter our raffle to win a Nintendo Switch 2: Choose Your Own Game Bundle!
#SLEUTHCON2026 #Cybersecurity #Infosec

Our team at DomainTools Investigations (DTI) took a deep dive into the ZionSiphon malware sample (“SCADA_SecurityPatch_v8.4.exe”) that’s been circling in sandboxes since 2025.

Read our investigation here⬇️ http://dti.domaintools.com/research/threat-intelligence-report-zionsiphon
#Cybersecurity #ICS #Malware #InfoSec #DomainTools

DomainTools Investigations | Threat Intelligence Report: ZionSiphon OT Malware First Attempts? Psyops? Both?

Analysis of ZionSiphon (SCADA_SecurityPatch_v8.4.exe), a .NET OT malware targeting Israeli water utilities. Discover its IOCs, targets, and flawed activation code.

We are excited to announce that our IP risk and IP hotlist are now available as real-time feeds. These feeds give you access to all scored IP addresses, which can be filtered to show only the most dangerous and currently active infrastructure. Learn more: https://www.domaintools.com/blog/increase-threat-visibility-with-domaintools-real-time-ip-risk-feeds

📰Real Fake News: DTI’s latest research on the Russian-backed Doppelgänger campaigns breaks down the organizational structure and operational distribution model that pushes “fake news” to real news feeds.

Read more: https://dti.domaintools.com/research/sda-structura-doppelganger-influence-ops
#Cybersecurity #Infosec #News

DomainTools Investigations | Threat Intelligence Report: The SDA / Structura / Doppelgänger, Influence Operations, Infrastructure, Reach, and Potential

How does the Doppelgänger influence campaign reach 5M+ users? Read DTI’s latest report on the SDA/Structura ecosystem, featuring a deep dive into narrative propagation, domain rotation tactics, and a 72-hour crisis influence timeline.

The sun is out in Seattle and the April DTI newsletter is live! 📰☀️
@danonsecurity breaks down the DPRK’s modular malware pipelines, the MOIS-linked Handala ecosystem, and the AI Frame campaign. Plus, Ian Campbell's monthly reading list! 📚
Catch up: https://dti.domaintools.com/newsletters/sixteen-going-on-seventeen-newsletters
Sixteen going on Seventeen Newsletters - DomainTools Investigations | DTI

DPRK's modular malware portfolio, Iran's MOIS-linked Handala/Homeland Justice/Karma persona ecosystem, and a fake Authenticator Chrome extension dissected.

Government agencies are advancing Zero Trust, but are they leveraging DNS intelligence to its full potential? DomainTools helps defenders uncover adversary infrastructure before it becomes a threat.

Learn how DomainTools empowers proactive defense here: https://www.domaintools.com/proactive-internet-intelligence-for-the-public-sector

Proactive Internet Intelligence for the Public Sector