Sitting Ducks Attack Hijacks 70,000 Domains

November 15, 2024

Cybersecurity researchers have exposed a large-scale domain hijacking campaign known as the “Sitting Ducks” attack, which has compromised approximately 70,000 legitimate domains over the past three months. The attack exploits misconfigurations in the domain name system (DNS) to gain unauthorized control of domains, a tactic that has been actively used by cybercriminals since 2018. Infoblox, the cybersecurity firm behind the discovery, revealed that over 800,000 domains were found vulnerable, with attackers targeting a diverse range of victims, including renowned brands, non-profits, and government entities.

The Sitting Ducks technique involves taking advantage of DNS configurations where authoritative DNS services are delegated to external providers but remain improperly configured. Threat actors can then “claim” these domains without needing direct access to the registrar accounts. This stealthy method was first documented in 2016 but gained significant attention in 2024 after researchers highlighted the staggering scale of hijacked domains. Rotational hijacking is a common tactic in these attacks, with cybercriminals exploiting free DNS services to control domains for short periods before they rotate control to other threat actors.

Infoblox identified several prominent threat groups leveraging this attack vector for various malicious activities. For instance, Vacant Viper has used Sitting Ducks attacks to operate traffic direction systems (TDS) and distribute malware like DarkGate and AsyncRAT. Similarly, Horrid Hawk has employed hijacked domains for investment fraud schemes via short-lived social media campaigns, while Hasty Hawk has focused on phishing operations mimicking reputable organizations. In many cases, attackers also utilize these domains for spam and malware command-and-control (C2) infrastructure, further complicating detection and mitigation efforts.

The high reputation of hijacked domains makes them less likely to trigger security alerts, posing a significant threat to businesses and individuals alike. Experts warn that without robust DNS security measures, domains remain vulnerable to such exploits, exposing users to phishing, malware, and fraud risks. Infoblox urges organizations to routinely audit their DNS configurations and ensure proper delegation to mitigate the threat. As cybercriminals continue to refine their tactics, awareness and proactive defense are crucial to safeguarding digital assets.
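A minimal sketch of the delegation audit recommended above, added here as an illustration and not taken from Infoblox or the original article. It assumes "improperly configured" means a delegated name server that does not answer authoritatively for the zone; the domains, name servers and response headers are constructed sample data.

```python
import struct

def header(flags, ancount):
    """Build a 12-byte DNS header (ID, flags, QD/AN/NS/AR counts) for the samples."""
    return struct.pack("!HHHHHH", 0x1234, flags, 1, ancount, 0, 0)

# Constructed sample: what each delegated name server returned for an SOA
# query on the zone. None means the query timed out.
SAMPLE_RESPONSES = {
    "shop.example": {
        "ns1.dns-host.example": header(0x8400, 1),  # QR+AA, NOERROR, SOA answer
        "ns2.dns-host.example": header(0x8400, 1),
    },
    "promo.example": {
        "ns1.free-dns.example": header(0x8005, 0),  # REFUSED: zone not hosted here
        "ns2.free-dns.example": None,               # no response
    },
    "legacy.example": {
        "ns1.dns-host.example": header(0x8400, 1),
        "ns2.old-host.example": header(0x8002, 0),  # SERVFAIL
    },
}

def is_authoritative(resp):
    """True only if the server answered the SOA query authoritatively."""
    if resp is None or len(resp) < 12:
        return False
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    qr = (flags >> 15) & 1      # 1 = this is a response
    aa = (flags >> 10) & 1      # 1 = server claims authority for the zone
    rcode = flags & 0xF         # 0 = NOERROR
    return qr == 1 and aa == 1 and rcode == 0 and ancount > 0

def audit_delegation(responses):
    """Classify one zone from the per-name-server responses."""
    lame = sorted(ns for ns, r in responses.items() if not is_authoritative(r))
    if not lame:
        status = "ok"
    elif len(lame) == len(responses):
        status = "lame"             # no delegated server serves the zone
    else:
        status = "partially-lame"   # some delegated servers do not serve it
    return status, lame

def audit_inventory(inventory):
    """Run the delegation check over every zone in the inventory."""
    return {zone: audit_delegation(r) for zone, r in inventory.items()}

if __name__ == "__main__":
    for zone, (status, lame) in audit_inventory(SAMPLE_RESPONSES).items():
        print(f"{zone}: {status} {lame}")
```

In a real audit the response bytes would come from querying each name server listed in the parent zone's NS records for your own domains; any zone reported as `lame` or `partially-lame` should have its delegation corrected or removed at the registrar.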

Reference:
  • Sitting Ducks Attack Hijacks 70,000 Domains in Widespread Campaign