Hazy Hawk is a threat actor that hijacks abandoned cloud and DNS resources of high-profile organizations to host scams and malware, using trusted domains to enhance credibility. Their operations route victims through layered URL redirection and flood devices with malicious push notifications. #HazyHawk #DNSCNAMEHijacking #CloudResourceAbuse
Key points
- Hazy Hawk exploits misconfigured DNS records to hijack cloud resources and domain names.
- The group targets high-profile organizations, including government agencies and multinational corporations like Deloitte and EY.
- Hijacked domains are used to host fake sites, scams, and malware, often through traffic distribution systems (TDSes).
- The attack involves cloning legitimate sites and employing URL redirection to conceal compromised resources.
- Preventive measures include removing DNS CNAME records for shut-down resources and restricting notification requests from unknown sites.
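As an added example (not code from the article or from the researchers it cites), the following Python script audits a zone for the condition the key points describe: a CNAME that still points at a cloud hostname whose underlying resource has been deleted, so the target no longer resolves. The zone text, the organisation name and the hostnames are constructed samples; the cloud suffix list is illustrative rather than complete, and a NXDOMAIN answer is only a first-pass signal (some providers keep the name resolving and return a "resource not found" page instead), so hits should be confirmed before the record is removed.

```python
"""Flag dangling CNAME records of the kind Hazy Hawk abuses (added example, not the
article's code). A CNAME whose cloud target no longer resolves is a takeover
candidate; the fix is to delete the record, as the article recommends."""
from __future__ import annotations

import socket
from dataclasses import dataclass

# Constructed sample zone (BIND-style); example-corp.test is not a real organisation.
SAMPLE_ZONE = """
; web front ends
www.example-corp.test.      300 IN CNAME  app-prod-1234.azurewebsites.net.
legacy.example-corp.test.   300 IN CNAME  old-campaign-2019.s3-website-us-east-1.amazonaws.com.
mail.example-corp.test.     300 IN MX     10 mx1.example-corp.test.
docs.example-corp.test.     300 IN CNAME  example-corp.github.io.
api.example-corp.test.      300 IN A      192.0.2.10
"""

# Hostname suffixes of services where a deleted resource frees the name for anyone
# to re-register. Illustrative list (assumption), not exhaustive.
CLOUD_SUFFIXES = (
    ".azurewebsites.net",
    ".cloudapp.azure.com",
    ".amazonaws.com",
    ".cloudfront.net",
    ".github.io",
    ".trafficmanager.net",
)


@dataclass
class CnameRecord:
    name: str
    target: str


def parse_cnames(zone_text: str) -> list[CnameRecord]:
    """Extract CNAME records from zone text; comments (';') and blank lines are skipped."""
    records: list[CnameRecord] = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        fields = line.split()  # owner [ttl] [class] type rdata
        if "CNAME" not in fields:
            continue
        idx = fields.index("CNAME")
        owner = fields[0].rstrip(".").lower()
        target = fields[idx + 1].rstrip(".").lower()
        records.append(CnameRecord(owner, target))
    return records


def is_cloud_hosted(target: str) -> bool:
    """True if the target lives on a provider whose names can be re-registered."""
    return any(target.endswith(suffix) for suffix in CLOUD_SUFFIXES)


def resolves(hostname: str) -> bool:
    """Live resolver: True if the name has an address, False on NXDOMAIN or lookup failure."""
    try:
        socket.getaddrinfo(hostname, None)
        return True
    except socket.gaierror:
        return False


def find_dangling_cnames(zone_text: str, resolve=resolves) -> list[CnameRecord]:
    """Return CNAMEs that point at cloud hosts which no longer resolve.

    `resolve` is injectable so the check can run offline against recorded answers.
    """
    return [
        rec
        for rec in parse_cnames(zone_text)
        if is_cloud_hosted(rec.target) and not resolve(rec.target)
    ]


if __name__ == "__main__":
    for rec in find_dangling_cnames(SAMPLE_ZONE):
        print(f"DANGLING: {rec.name} -> {rec.target}  (delete this CNAME)")
```

Run it against an export of your own zone; anything it reports is a record that should either be repointed at a live resource or removed outright, since the cloud name it references is what an attacker would re-create.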
Read More: https://thehackernews.com/2025/05/hazy-hawk-exploits-dns-records-to.html