Sitting Ducks Attack Hijacks 70,000 Domains

November 15, 2024

Cybersecurity researchers have exposed a large-scale domain hijacking campaign known as the “Sitting Ducks” attack, which has compromised approximately 70,000 legitimate domains over the past three months. The attack exploits misconfigurations in the domain name system (DNS) to gain unauthorized control of domains, a tactic that has been actively used by cybercriminals since 2018. Infoblox, the cybersecurity firm behind the discovery, revealed that over 800,000 domains were found vulnerable, with attackers targeting a diverse range of victims, including renowned brands, non-profits, and government entities.

The Sitting Ducks technique involves taking advantage of DNS configurations where authoritative DNS services are delegated to external providers but remain improperly configured. Threat actors can then “claim” these domains without needing direct access to the registrar accounts. This stealthy method was first documented in 2016 but gained significant attention in 2024 after researchers highlighted the staggering scale of hijacked domains. Rotational hijacking is a common tactic in these attacks, with cybercriminals exploiting free DNS services to control domains for short periods before they rotate control to other threat actors.

Infoblox identified several prominent threat groups leveraging this attack vector for various malicious activities. For instance, Vacant Viper has used Sitting Ducks attacks to operate traffic direction systems (TDS) and distribute malware like DarkGate and AsyncRAT. Similarly, Horrid Hawk has employed hijacked domains for investment fraud schemes via short-lived social media campaigns, while Hasty Hawk has focused on phishing operations mimicking reputable organizations. In many cases, attackers also utilize these domains for spam and malware command-and-control (C2) infrastructure, further complicating detection and mitigation efforts.

The high reputation of hijacked domains makes them less likely to trigger security alerts, posing a significant threat to businesses and individuals alike. Experts warn that without robust DNS security measures, domains remain vulnerable to such exploits, exposing users to phishing, malware, and fraud risks. Infoblox urges organizations to routinely audit their DNS configurations and ensure proper delegation to mitigate the threat. As cybercriminals continue to refine their tactics, awareness and proactive defense are crucial to safeguarding digital assets.
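One way to run the delegation audit recommended above, as an added example that is not code from Infoblox or from the original article: it sends a non-recursive SOA query to each nameserver a domain is delegated to and flags any that do not answer authoritatively for the zone. The function names, the fixed transaction ID and the constructed sample replies are assumptions of this example; the caller supplies the IPv4 addresses of the nameservers listed at the registrar.

```python
import socket
import struct

TXID = 0x1234  # fixed transaction ID (assumption), enough for a one-shot audit probe

def build_soa_query(domain):
    """Non-recursive (RD=0) SOA query, so the server must answer from its own zone data."""
    header = struct.pack("!HHHHHH", TXID, 0x0000, 1, 0, 0, 0)
    parts = domain.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in parts) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)  # QTYPE=SOA(6), QCLASS=IN(1)

def classify_response(data):
    """Classify one nameserver's raw reply; anything but 'authoritative' needs fixing."""
    if data is None:
        return "lame: no response"
    if len(data) < 12:
        return "lame: malformed"
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != TXID or not flags & 0x8000:      # wrong ID, or not a response (QR=0)
        return "lame: malformed"
    if flags & 0x000F:                          # RCODE, e.g. 2=SERVFAIL, 5=REFUSED
        return f"lame: rcode {flags & 0x000F}"
    if not flags & 0x0400 or ancount == 0:      # AA bit clear, or no SOA returned
        return "lame: not authoritative"
    return "authoritative"

def audit_delegation(domain, ns_ips, timeout=3.0):
    """Query each delegated nameserver (IPv4 address) over UDP and classify its reply."""
    results = {}
    for ip in ns_ips:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            try:
                sock.sendto(build_soa_query(domain), (ip, 53))
                reply, _ = sock.recvfrom(4096)
            except OSError:                     # timeout or unreachable
                reply = None
        results[ip] = classify_response(reply)
    return results

# Constructed 12-byte reply headers (not captured traffic) showing the three outcomes.
SAMPLES = {
    "healthy": b"\x12\x34\x84\x00\x00\x01\x00\x01\x00\x00\x00\x00",
    "refused": b"\x12\x34\x80\x05\x00\x01\x00\x00\x00\x00\x00\x00",
    "no_zone": b"\x12\x34\x80\x00\x00\x01\x00\x00\x00\x00\x00\x00",
}
SAMPLE_VERDICTS = {name: classify_response(raw) for name, raw in SAMPLES.items()}
```

Any nameserver that `audit_delegation` reports as anything other than `authoritative` should either be given the zone at the DNS provider or be removed from the delegation at the registrar.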

Reference:
  • Sitting Ducks Attack Hijacks 70,000 Domains in Widespread Campaign
Tags: AsyncRAT, Cyber Alerts, Cyber Alerts 2024, Cyber threats, Cybersecurity, Darkgate, November 2024, Sitting Ducks, Vacant Viper