DomainTools is a proud exhibiting sponsor for SleuthCon!

Visit our booth today to learn more about how to detect relevant indicators earlier in their lifecycle to identify and disrupt incipient attacks.

We're giving out t-shirts and we're raffling off a Mac mini!

See you today and have a great time at SleuthCon if you're attending!

https://www.sleuthcon.com/

DomainTools is an Exhibiting Sponsor at SLEUTHCON!

Check out our booth later this week at the show. Come for the shirt, stay to learn how domain intelligence can prevent, mitigate, and investigate attacks.

See the full show schedule here: https://www.sleuthcon.com/2025agenda

📅 Upcoming Panel Discussion

Date: Wednesday, June 11
Time: 10AM PT | 1PM ET
Attend to Receive CPE Credits

The cybersecurity landscape is constantly shifting—but some things remain steady. Domains and DNS are among those constants.

In 2024 alone, over 106 million new domains were observed—about 289,000 per day. What patterns lie in this surge, and how can defenders use them to their advantage?

Join experts including Daniel Schwalbe, Renee Burton (Infoblox), Raymond Dijkxhoorn (Surbl), and Peter Lowe as they explore the trends, techniques, and tools that defined domain intelligence over the past year.

Save your spot here: https://www.domaintools.com/webinar-decoding-domain-intelligence/?utm_source=Mastodon&utm_medium=Social&utm_campaign=Q2-Industry-Webinar

What do cats have to do with Lumma C2 infostealing-malware?

Julia Ibinson notes in a recent Security Snack that some of the registration patterns reference prominent Russian figures like athletes, mobsters, actors, etc.

And others featured the same landing page titled "About Cats" which was, as the name suggests, about cats.

How many domains does this page appear?
What's the average risk score?
Where else do these domains feature in IOC databases?

Read the Security Snack for full details: https://www.domaintools.com/resources/blog/tracking-lummac2-infrastructure-with-cats/?utm_source=Mastodon&utm_medium=Social&utm_campaign=Lumma-C2

In 2024, our team found that the web-based version of HeartSender was leaking a significant amount of sensitive data to anyone who accessed it; no login required.

This included customer login details and internal emails from HeartSender staff. Malware infections on the attackers’ own devices revealed extensive account data, along with insights into the group’s structure, operations, and role within the broader cybercrime ecosystem.

Yesterday, Brian Krebs reported that 21 individuals accused of operating Heartsender have been arrested in Pakistan. This milestone was the result of incredible teamwork across borders and organizations, and we're proud to have been part of that global effort.

When we come together, we can give bad actors more bad days.

Find our original analysis and update here: https://www.domaintools.com/resources/blog/the-resurgence-of-the-manipulaters-team-breaking-heartsenders/?utm_source=Mastodon&utm_medium=Social&utm_campaign=Manipulaters

Pakistani authorities have arrested 21 individuals tied to HeartSender, a long-running phishing and malware-as-a-service operation. The group is linked to global BEC scams and phishing attacks targeting Microsoft 365, iCloud, and more—causing tens of millions in losses.

This takedown highlights the growing international cooperation in cybercrime investigations and the importance of strong digital defenses.

🔗 Read more via @briankrebs (KrebsOnSecurity): https://krebsonsecurity.com/2025/05/pakistan-arrests-21-in-heartsender-malware-service/

#CyberSecurity #ThreatIntel #BEC #Phishing #Malware #DigitalForensics