If you have heard of the Polyfill supply chain attack, then you may already have an idea about what FUNULL is. It is said to have bought the domain polyfill[.]io, which was responsible for a massive attack that affected millions of websites in June 2024.1
FUNULL, as it turns out, is not only behind the Polyfill supply chain attack but also several other malicious campaigns involving investment scams, fake trading app distribution, and suspect gambling networks, all clumped together in what security researchers have dubbed “Triad Nexus.”2
The WhoisXML API research team expanded a list of 63 Triad Nexus suspicious indicators and found tons of other potentially connected artifacts, namely:
- 113 email-connected domains
- 33 IP addresses, four of which turned out to be malicious
- 274 IP-connected domains, one of which turned out to be associated with threats
- 144 string-connected domains
- 11,428 string-connected subdomains, 16 of which turned out to be malicious
Download a sample of the threat research materials now or contact sales to discuss your intelligence needs for threat detection and response or other cybersecurity use cases.
—
- [1] https://techcrunch.com/2024/10/22/researchers-link-polyfill-supply-chain-attack-to-huge-network-of-copycat-gambling-sites/
- [2] https://www.silentpush.com/blog/triad-nexus-funnull/