Following the DNS Trail of APT Group Newbie Unfading Sea Haze | WhoisXML API


A new advanced persistent threat (APT) group, Unfading Sea Haze, possibly advocating Chinese interests in the South China Sea, recently reared its head in May 2024.[1] A total of 34 indicators of compromise (IoCs) related to the Unfading Sea Haze attack were made public.

The WhoisXML API research team sought to follow the APT group’s digital breadcrumbs in the DNS to identify more connected artifacts. Our IoC list expansion analysis uncovered:

  • 758 email-connected domains, one of which turned out to be malicious
  • 16 additional IP addresses, 11 of which were associated with threats
  • 272 IP-connected domains, 73 of which turned out to be malicious
  • 253 string-connected domains

Download a sample of the threat research materials now or contact sales to discuss your intelligence needs for threat detection and response.

  • [1] https://www.bitdefender.com/blog/businessinsights/deep-dive-into-unfading-sea-haze-a-new-threat-actor-in-the-south-china-sea/