GoDaddy found malware on 1,980 WordPress sites using Steam as C2 infrastructure
Malware on approximately 2,000 WordPress sites hid C2 instructions in Steam profile comments using invisible Unicode. GoDaddy researchers spotted a command-a...
MITRE ATT&CK Mapping
Articles mapped to MITRE ATT&CK techniques. Select a technique to view matching articles.
T1583 — Acquire Infrastructure (Resource Development)
Clear filter10 articles found
FIFA domain registrations surge ahead of 2026 World Cup, signaling fraud risks
CSC analysts identified over 65,590 domains with "FIFA" registered between January 2022 and April 2026, none of which were registered by FIFA itself.
Hackers Host JS Malware on GHOSTYNETWORKS and OMEGATECH
Hackers are abusing two bulletproof hosting providers, GHOSTYNETWORKS and OMEGATECH, to run a global JavaScript (JS) malware infrastructure that powers large...
Glassworm botnet disrupted after resilient C2 infrastructure takedown
The Glassworm botnet targeting developers in software supply-chain attacks has been disrupted after researchers took down its resilient command-and-control i...
Admins of Bulletproof Hosting Service Used by Russian Hackers Arrested in Netherlands
The two own Dutch companies that allegedly provided bulletproof hosting services to Russia-aligned threat actors. The post Admins of Bulletproof Hosting Serv...
Netherlands Busts Bulletproof Hosting Network Linked to Disinformation and Cybercrime
Dutch authorities arrested two suspects after dismantling a bulletproof hosting network linked to cybercrime, disinfo, and Russian sanctions evasion.
Hackers Exploit Middle East Telecoms for Massive C2 Operations
Hackers are increasingly abusing Middle East telecommunications networks and hosting providers to operate large-scale command-and-control (C2) infrastructure...
One Telecom Provider Hosted Most of the Middle East ’s Active C2 Infrastructure
Hunt.io mapped 1,350+ C2 servers across the Middle East, revealing how a small group of providers quietly supports major malware activity.
Malicious Chrome Extensions Campaign Exposes User Data
108 malicious Chrome extensions steal sessions, Google data, inject ads via single C2 infrastructure
DPRK-Related Campaigns with LNK and GitHub C2
Analysis of DPRK-linked LNK-based attacks using GitHub as covert C2 infrastructure, detailing multi-stage PowerShell execution, persistence mechanisms, and d...