A threat actor known as ‘Hazy Hawk’ is hijacking forgotten DNS CNAME records that point to abandoned cloud services, enabling it to take control of trusted subdomains of high-profile organizations and use them for malicious activities. This technique facilitates scams, fake apps, and malicious redirects, posing significant cybersecurity risks. #HazyHawk #DNSHijacking #CyberThreats #MaliciousDomains #OrganizationalSecurity
Key points
- Hazy Hawk exploits abandoned cloud service CNAME records to hijack trusted subdomains.
- The threat actor registers new cloud resources matching old CNAMEs to redirect traffic.
- Targeted organizations include government agencies, universities, and Fortune 500 companies.
- The hijacked domains are used to host scams, phishing pages, and malicious ads.
- Organizations often fail to delete DNS records after decommissioning cloud services, which leaves the dangling CNAMEs these attacks depend on.
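The defensive check that follows from the last point is a zone audit for dangling CNAMEs: any CNAME whose target no longer resolves is a takeover candidate, and one pointing at a hosting suffix where anyone can register the name is the most urgent. This is an added example, not code from the original article; the zone snippet, resolver table and hosting suffix are constructed, and a real audit would swap the table resolver for live DNS lookups.

```python
import re
from typing import Callable, Dict, List, Optional

# Constructed sample zone records (not from the article): three CNAMEs,
# one of which points at a cloud resource that has since been deleted.
SAMPLE_ZONE = """
www.example.org.     300 IN CNAME example.org.
blog.example.org.    300 IN CNAME blog-site.example-cloud-host.net.
old-app.example.org. 300 IN CNAME old-app.example-cloud-host.net.
mail.example.org.    300 IN A     192.0.2.10
"""

# Constructed resolver table standing in for live DNS: a name maps to the
# addresses it resolves to, or to None for NXDOMAIN.
SAMPLE_RESOLVER_TABLE = {
    "example.org.": ["192.0.2.1"],
    "blog-site.example-cloud-host.net.": ["198.51.100.5"],
    "old-app.example-cloud-host.net.": None,  # abandoned resource
}

# Hosting suffixes under which an unregistered name can be claimed by anyone.
# Assumption: tailor this tuple to the cloud providers your organisation uses.
CLAIMABLE_SUFFIXES = ("example-cloud-host.net.",)

CNAME_RE = re.compile(r"^(\S+)\s+\d+\s+IN\s+CNAME\s+(\S+)$")


def parse_cnames(zone_text: str) -> Dict[str, str]:
    """Return {owner: target} for every CNAME record in a zone-file snippet."""
    cnames = {}
    for line in zone_text.splitlines():
        m = CNAME_RE.match(line.strip())
        if m:
            cnames[m.group(1)] = m.group(2)
    return cnames


def find_dangling_cnames(zone_text: str,
                         resolve: Callable[[str], Optional[List[str]]],
                         claimable_suffixes=CLAIMABLE_SUFFIXES) -> List[dict]:
    """Flag CNAMEs whose target does not resolve; mark claimable hosting targets."""
    findings = []
    for owner, target in parse_cnames(zone_text).items():
        if resolve(target) is None:  # NXDOMAIN: the target is gone
            findings.append({"owner": owner, "target": target,
                             "claimable": target.endswith(claimable_suffixes)})
    return findings


def table_resolver(name: str) -> Optional[List[str]]:
    """Offline stand-in for a DNS lookup, backed by the constructed table."""
    return SAMPLE_RESOLVER_TABLE.get(name)


if __name__ == "__main__":
    for finding in find_dangling_cnames(SAMPLE_ZONE, table_resolver):
        print(finding)
```

A finding marked `claimable` should be treated as a live exposure: delete the record, or re-create the cloud resource under your own account before someone else does.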