Exploring the SideWinder APT Group’s DNS Footprint
WhoisXML API found 570+ artifacts that could be connected to the SideWinder APT group. Download the threat research materials now.
Continue reading Download reportInvestigating the Proliferation of Deepfake Scams
Deepfakes can cause real harm. In February 2024, for example, an employee of a multinational company was tricked into handing US$25 million to a scammer who pretended to be their company’s CFO.1
In light of this and similar attacks, security researchers have tried to shed more light into deepfake scams and the risks they pose. One report, in particular, unveiled 416 scam IoCs.2
The WhoisXML API research team investigated just how widespread deepfake scam infrastructures could be in the DNS through an IoC list expansion analysis. Our study uncovered potentially connected artifacts comprising:
- 1,070 registrant-connected domains
- Six email-connected domains
- 316 IP addresses, 285 of which turned out to be malicious
- 515 IP-connected domains, three of which turned out to be associated with various threats
- 3,056 string-connected domains, 12 of which may have already figured in malicious campaigns
Download a sample of the threat research materials now or contact sales to discuss your intelligence needs for threat detection and response or other cybersecurity use cases.
—
- [1] https://www.cnn.com/2024/02/04/asia/deepfake-cfo-scam-hong-kong-intl-hnk/index.html
- [2] https://unit42.paloaltonetworks.com/dynamics-of-deepfake-scams/