Sitting Ducks Attack Hijacks 70,000 Domains

November 15, 2024

Cybersecurity researchers have exposed a large-scale domain hijacking campaign known as the “Sitting Ducks” attack, which has compromised approximately 70,000 legitimate domains over the past three months. The attack exploits misconfigurations in the domain name system (DNS) to gain unauthorized control of domains, a tactic that has been actively used by cybercriminals since 2018. Infoblox, the cybersecurity firm behind the discovery, revealed that over 800,000 domains were found vulnerable, with attackers targeting a diverse range of victims, including renowned brands, non-profits, and government entities.

The Sitting Ducks technique involves taking advantage of DNS configurations where authoritative DNS services are delegated to external providers but remain improperly configured. Threat actors can then “claim” these domains without needing direct access to the registrar accounts. This stealthy method was first documented in 2016 but gained significant attention in 2024 after researchers highlighted the staggering scale of hijacked domains. Rotational hijacking is a common tactic in these attacks, with cybercriminals exploiting free DNS services to control domains for short periods before they rotate control to other threat actors.

Infoblox identified several prominent threat groups leveraging this attack vector for various malicious activities. For instance, Vacant Viper has used Sitting Ducks attacks to operate traffic direction systems (TDS) and distribute malware like DarkGate and AsyncRAT. Similarly, Horrid Hawk has employed hijacked domains for investment fraud schemes via short-lived social media campaigns, while Hasty Hawk has focused on phishing operations mimicking reputable organizations. In many cases, attackers also utilize these domains for spam and malware command-and-control (C2) infrastructure, further complicating detection and mitigation efforts.

The high reputation of hijacked domains makes them less likely to trigger security alerts, posing a significant threat to businesses and individuals alike. Experts warn that without robust DNS security measures, domains remain vulnerable to such exploits, exposing users to phishing, malware, and fraud risks. Infoblox urges organizations to routinely audit their DNS configurations and ensure proper delegation to mitigate the threat. As cybercriminals continue to refine their tactics, awareness and proactive defense are crucial to safeguarding digital assets.
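One way to run the DNS audit recommended above, as an added example that is not from Infoblox or the original article: ask each delegated name server directly for the zone's SOA record and flag any server that does not answer authoritatively. It assumes that such a "lame" delegation is the kind of improper configuration to review; the zone `example.org`, the name server names and the sample replies are constructed.

```python
import socket
import struct
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}  # RFC 1035

def build_soa_query(domain, txid=0x1234):
    """Encode a non-recursive (RD=0) SOA query for `domain`."""
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    labels = domain.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", 6, 1)  # QTYPE=SOA, QCLASS=IN

def classify_response(packet):
    """Judge one name server's reply from the DNS header alone."""
    if packet is None or len(packet) < 12:
        return "lame: no usable response"
    _txid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", packet[:12])
    rcode = flags & 0x000F
    if rcode != 0:
        return "lame: " + RCODES.get(rcode, "RCODE %d" % rcode)
    if not flags & 0x0400 or ancount == 0:  # AA bit clear or empty answer
        return "lame: not authoritative"
    return "ok"

def query_nameserver(domain, ns_ip, timeout=3.0):
    """Send the SOA query straight to one delegated name server over UDP."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_soa_query(domain), (ns_ip, 53))
            return classify_response(sock.recvfrom(512)[0])
        except OSError:  # timeout or unreachable server
            return classify_response(None)

def audit(replies):
    """Map {name server: raw reply or None} to the entries needing review."""
    verdicts = {ns: classify_response(pkt) for ns, pkt in replies.items()}
    return {ns: v for ns, v in verdicts.items() if v != "ok"}

def _header(flags, ancount):
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)

# Constructed replies for the hypothetical zone example.org (headers only).
SAMPLE_REPLIES = {
    "ns1.dns-host.example": _header(0x8400, 1),  # QR+AA, one answer
    "ns2.dns-host.example": _header(0x8005, 0),  # REFUSED
    "ns3.old-host.example": _header(0x8000, 0),  # NOERROR, AA clear
    "ns4.old-host.example": None,                # timed out
}
```

`audit(SAMPLE_REPLIES)` returns the three name servers that fail the check; for a live audit, call `query_nameserver()` with the address of each name server listed in the parent zone's delegation for a domain you manage.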
