Tracking the DNS Footprint of the Polyfill Supply Chain Attackers | WhoisXML API



Threat actors will always find a way to get into their targets’ networks, even if they have to go through indirect channels. Such was the story behind the Polyfill supply chain attack.

Users of the content delivery network (CDN) service worldwide ended up with compromised networks courtesy of malicious JavaScript code the attackers injected.

Many cybersecurity researchers looked into the attack and identified several indicators of compromise (IoCs) in their reports. The WhoisXML API research team obtained a list of six domains identified as IoCs and examined them more closely to identify other potentially connected artifacts.[1] Our IoC list expansion led to the discovery of:

  • Six IP addresses, two of which turned out to be malicious
  • 104 IP-connected domains
  • 94 string-connected domains
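The expansion described above (seed domains to their IPs, then to other domains resolving to those IPs, plus domains sharing a distinctive string) can be reproduced over passive DNS data. The script below is an added illustration, not the WhoisXML API team's code; it runs over a constructed record set with placeholder names instead of the report's actual IoCs, and assumes "polyfill" as the pivot string.

```python
# Added example (not WhoisXML API's code): IoC list expansion by DNS pivoting,
# mirroring the report's steps: seed domains -> resolved IPs -> other domains
# on those IPs (IP-connected) -> domains containing a pivot string
# (string-connected).
from collections import defaultdict

# Constructed passive-DNS-style A records: (domain, ip). Every name and IP
# here is a placeholder, not one of the report's actual indicators.
PDNS_RECORDS = [
    ("seed-one.example", "203.0.113.10"),
    ("seed-two.example", "203.0.113.20"),
    ("cohosted-a.example", "203.0.113.10"),
    ("cohosted-b.example", "203.0.113.20"),
    ("shared-host.example", "203.0.113.10"),
    ("unrelated.example", "198.51.100.5"),
    ("polyfill-cdn-mirror.example", "198.51.100.7"),
    ("cdn.polyfill-lookalike.example", "198.51.100.8"),
]


def expand_iocs(seed_domains, records, pivot_strings):
    """Return (ips, ip_connected, string_connected) derived from the seeds.

    Caveat for triage: a domain sharing an IP with a seed is only a lead.
    On shared hosting or CDN ranges most co-hosted names are benign, which
    is why the report rated only two of its six IPs as malicious.
    """
    seeds = set(seed_domains)
    by_domain = defaultdict(set)  # domain -> IPs it resolved to
    by_ip = defaultdict(set)      # IP -> domains that resolved to it
    for domain, ip in records:
        by_domain[domain].add(ip)
        by_ip[ip].add(domain)

    # Step 1: IPs the seed domains resolved to.
    ips = set().union(*(by_domain[d] for d in seeds))
    # Step 2: other domains that resolved to the same IPs (IP-connected).
    ip_connected = {d for ip in ips for d in by_ip[ip]} - seeds
    # Step 3: domains containing a pivot string (string-connected), excluding
    # seeds and names already found through the IP pivot.
    string_connected = {
        d for d, _ in records if any(s in d for s in pivot_strings)
    } - seeds - ip_connected
    return ips, ip_connected, string_connected


if __name__ == "__main__":
    ips, by_ip_hits, by_string_hits = expand_iocs(
        ["seed-one.example", "seed-two.example"], PDNS_RECORDS, ["polyfill"])
    print(len(ips), "IPs;", len(by_ip_hits), "IP-connected;",
          len(by_string_hits), "string-connected")
```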

Download a sample of the threat research materials now or contact sales to discuss your intelligence needs for threat detection and response or other cybersecurity use cases.

  • [1] https://fossa.com/blog/polyfill-supply-chain-attack-details-fixes/