More than 16,800 illicit domains masquerading as legitimate government portals, including U.S. state Department of Motor Vehicles (DMV) portals, were found by Cyble Research and Intelligence Labs (CRIL) researchers to be part of the large-scale Operation TrustTrap domain-spoofing campaign, which aims at extensive user data exfiltration, according to The Cyber Express.

Attackers hosted most of the malicious domains on Tencent Cloud and Alibaba Cloud APAC, and the domains commonly used the .cc, .cfd, and .bond top-level domains, a choice CRIL analysts say was meant to evade detection. Central to the deception was subdomain trust injection: embedding trusted government tokens (such as "dmv") in the subdomains of an attacker-controlled domain, so that the left-most part of the hostname reads like an official site. Hyphen-based semantic manipulation, stringing such tokens together with hyphens so the name looks like an official one, further obscured the spoofed domains.

Although the U.S. was the primary target, the campaign also impersonated government portals in the UK, India, and Vietnam. The threat actors' choice of hosting providers and other tactics, techniques, and procedures led researchers to associate the campaign with the Pakistan-based threat operation APT36, also known as Transparent Tribe.
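The two tricks described above lend themselves to a simple heuristic check on the hostnames seen in DNS or proxy logs: look for trusted tokens left of the registrable domain (subdomain trust injection), trusted tokens joined by hyphens inside the registered label (hyphen-based manipulation), and the cheap TLDs the campaign favoured. The scorer below is an added example, not code from the Cyble/CRIL report or from SC Media. The token list, the tiny stand-in for the public suffix list, the threshold, and the sample hostnames are all assumptions made for the demonstration, not indicators from the report.

```python
"""Heuristic scorer for government-impersonation hostnames (added example).

Flags hosts that put government-looking tokens either in subdomains of an
attacker-controlled domain (subdomain trust injection) or hyphen-joined
inside the registered label (hyphen-based manipulation), weighted by the
TLDs the article reports the campaign used.
"""
import re
from dataclasses import dataclass

# Assumed tokens an impersonator wants a victim to see in the hostname.
TRUST_TOKENS = {"gov", "dmv", "irs", "hmrc"}
# TLDs the article reports the campaign favoured.
SUSPECT_TLDS = {"cc", "cfd", "bond"}
# A host whose registrable domain sits under one of these is treated as genuine.
GOV_SUFFIXES = ("gov", "gov.uk", "gov.in", "gov.vn")
# Assumption: tiny stand-in for the public suffix list; production code should
# use the full list (e.g. the publicsuffix2 package) instead.
SECOND_LEVEL_SUFFIXES = {"gov.uk", "co.uk", "gov.in", "co.in", "gov.vn", "com.vn"}
FLAG_THRESHOLD = 4


@dataclass
class Verdict:
    host: str
    registrable: str
    score: int
    reasons: list
    flagged: bool


def tokens(label: str) -> set:
    """Split a DNS label on hyphens/underscores so 'dmv-ca-gov' yields its words."""
    return {t for t in re.split(r"[-_]+", label) if t}


def registrable_domain(labels: list) -> str:
    """Return the part of the hostname the attacker actually registered."""
    if len(labels) >= 3 and ".".join(labels[-2:]) in SECOND_LEVEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def under_gov_suffix(registrable: str) -> bool:
    return any(registrable == s or registrable.endswith("." + s) for s in GOV_SUFFIXES)


def score_host(host: str) -> Verdict:
    host = host.strip().lower().rstrip(".")
    labels = host.split(".")
    reg = registrable_domain(labels)
    if under_gov_suffix(reg):
        return Verdict(host, reg, 0, ["registrable domain is under a government suffix"], False)

    reasons, score = [], 0
    tld = labels[-1]
    if tld in SUSPECT_TLDS:
        score += 2
        reasons.append(f"suspect TLD .{tld}")

    # Subdomain trust injection: trusted tokens anywhere left of the registrable domain.
    sub_labels = labels[: len(labels) - len(reg.split("."))]
    injected = set().union(*(tokens(lbl) for lbl in sub_labels)) & TRUST_TOKENS
    if injected:
        score += 3
        reasons.append("subdomain trust injection: " + ", ".join(sorted(injected)))

    # Hyphen-based manipulation: trusted tokens built into the registered label itself.
    sld = reg.split(".")[0]
    embedded = tokens(sld) & TRUST_TOKENS
    if embedded:
        score += 2
        reasons.append("trust token in registered label: " + ", ".join(sorted(embedded)))
    if sld.count("-") >= 2:
        score += 1
        reasons.append("registered label has multiple hyphens")

    return Verdict(host, reg, score, reasons, score >= FLAG_THRESHOLD)


def triage(hosts: list) -> list:
    """Return the verdicts for hosts that reach the flag threshold, in input order."""
    return [v for v in (score_host(h) for h in hosts) if v.flagged]


# Constructed sample hostnames for the demo (not indicators from the report).
SAMPLE_HOSTS = [
    "dmv.ca.gov",                 # genuine: registrable domain under .gov
    "www.dmv-ca-gov.cfd",         # hyphenated tokens in the registered label
    "dmv.ca.gov.renew-now.cc",    # trusted tokens injected as subdomains
    "login.microsoft.com",        # unrelated, should not be flagged
    "news.gov.uk",                # genuine: under gov.uk
    "gov-uk-tax-refund.bond",     # hyphenated tokens, suspect TLD
    "ca-dmv.renew.cc",            # hyphenated token inside a subdomain
]

if __name__ == "__main__":
    for v in (score_host(h) for h in SAMPLE_HOSTS):
        print(f"{v.host:28} reg={v.registrable:22} score={v.score} flagged={v.flagged} {v.reasons}")
```

Note that the scorer deliberately keys on the registrable domain rather than on the hostname as a whole: "dmv.ca.gov.renew-now.cc" is controlled by whoever registered renew-now.cc, however official its left-hand labels look. The hard-coded suffix table is the weak spot of this demo; with the real public suffix list the same logic generalises to the UK, Indian and Vietnamese portals the article mentions.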