Threat Intelligence, Cloud Security

Misconfigured DNS, neglected cloud assets harnessed in Hazy Hawk domain hijacking attacks


Hackread reports that the newly identified threat operation Hazy Hawk has, since December 2023, been exploiting DNS misconfigurations and deserted cloud resources to take over domains belonging to the Centers for Disease Control, the state of Alabama, the Australian Department of Health, the University of California at Berkeley, and University College London, as well as Deloitte and PwC.

According to an analysis from Infoblox, Hazy Hawk finds neglected Amazon AWS S3 buckets, Azure endpoints, and other abandoned cloud assets through dangling DNS CNAME records and registers them to host malicious URLs. The operation then deploys bogus apps and browser notifications carrying malicious obfuscated links, which trigger several site redirections before landing on viralclipnow[.]xyz, which in turn leads to various scams. Such schemes have been primarily underpinned by push notifications, researchers added. Organizations have been urged to ensure proper DNS management, while users have been advised to use protective DNS solutions to mitigate potential compromise.
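As an illustration of the DNS management check described above, the following added example (not from Hackread, Infoblox, or SC Media) audits a BIND-style zone export for CNAME records that point at cloud-hosted names that no longer exist. The suffix list, the sample zone, and every hostname in it are assumptions constructed for this sketch.

```python
import socket

# Assumption: illustrative, non-exhaustive suffixes for AWS S3 and Azure endpoints.
CLOUD_SUFFIXES = (".s3.amazonaws.com", ".azurewebsites.net",
                  ".cloudapp.azure.com", ".trafficmanager.net")

def parse_cnames(zone_text):
    """Yield (owner, target) for each CNAME line in a BIND-style zone export."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()      # drop trailing comments
        upper = [f.upper() for f in fields]
        if "CNAME" in upper:
            i = upper.index("CNAME")
            if i >= 1 and i + 1 < len(fields):
                yield (fields[0].rstrip(".").lower(),
                       fields[i + 1].rstrip(".").lower())

def dns_target_exists(name):
    """Default liveness check: does the CNAME target still resolve? Needs network."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False

def find_dangling(zone_text, target_exists=dns_target_exists):
    """Return CNAMEs aimed at a cloud suffix whose target resource is gone."""
    return [(owner, target) for owner, target in parse_cnames(zone_text)
            if target.endswith(CLOUD_SUFFIXES) and not target_exists(target)]

# Constructed sample zone; all names are made up for this example.
SAMPLE_ZONE = """
www.example.org.     300 IN CNAME example-live.azurewebsites.net.
promo.example.org.   300 IN CNAME example-old-campaign.s3.amazonaws.com. ; retired
docs.example.org.    300 IN CNAME docs.example.net.
files.example.org.   300 IN CNAME example-gone.cloudapp.azure.com.
"""

# Constructed stand-in for the liveness check so the sample runs offline.
LIVE_TARGETS = {"example-live.azurewebsites.net", "docs.example.net"}

def offline_target_exists(name):
    return name in LIVE_TARGETS

if __name__ == "__main__":
    for owner, target in find_dangling(SAMPLE_ZONE, offline_target_exists):
        print(f"DANGLING: {owner} -> {target}")
```

The default DNS check suits endpoints whose hostnames stop resolving once the resource is released; S3 bucket hostnames keep resolving after the bucket is deleted, so pass a `target_exists` callable that checks the storage service's response for those records instead.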
