Sekoia.io conducted proactive hunting of Olympics-related typosquatted domains around Paris 2024, identifying over 650 suspicious domains focused on ticketing scams and impersonating official sites. The findings highlight opportunistic cybercriminals during high-profile events, with limited observed impact on clients.
Key points
- From June to August 2024, Sekoia Threat Detection & Research hunted typosquatted Olympics-related domains to monitor opportunistic registrations.
- Identified over 650 typosquatted Paris 2024 domains, with a spike in registrations just before the opening ceremony.
- Approximately 45% of the domains were related to ticketing scams mimicking official platforms.
- Many domains impersonated French official sites and the International Olympic Committee (IOC).
- Telemetry showed very few hits; most domains were non-malicious or not inherently harmful to clients.
- The activity underscores the opportunistic behavior of cybercriminals during major events, with defensive registrations by organizers noted.
MITRE Techniques
- [T1566] Phishing – Utilized typosquatted domains to conduct phishing attacks.
- [T1583] Acquire Infrastructure – Registered domains mimicking official Olympic websites for deception.
- [T1003] Credential Dumping – Potential for credential harvesting through phishing attempts on typosquatted domains.
- [T1071] Command and Control – Possible use of typosquatted domains for C2 connections.
Indicators of Compromise
- [Domain] Typosquatted domains related to Paris 2024 Olympics – tickets.paris2024.biz, pass-jeux.com
- [Domain] Domains mimicking official sites and security pages – gouuv.fr, paris2024.date
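One way to triage newly observed domains against names like those in the indicators above, as an added example that is not Sekoia's tooling or code from the original report. The watch terms, the allowlist of official domains and the benign sample entries are assumptions made for illustration.

```python
"""Flag observed domains that imitate Paris 2024 / French government names."""

# Watch terms and allowlist are assumptions chosen for this example.
BRANDS = ("paris2024", "gouv")            # matched exactly or within one edit
EVENT_TERMS = ("jeux", "olymp")           # matched as substrings only
TICKET_TERMS = ("ticket", "billet")       # marks the ticketing theme
OFFICIAL = {"paris2024.org", "gouv.fr"}   # registrable domains to skip

def edit_distance(a, b):
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(domain):
    """Return (matched_term, reason, is_ticketing), or None if nothing matches."""
    name = domain.lower().rstrip(".")
    labels = name.split(".")
    # Naive registrable domain (last two labels); use the Public Suffix List in production.
    if ".".join(labels[-2:]) in OFFICIAL:
        return None
    # Split every label except the TLD on hyphens so "pass-jeux" yields two tokens.
    tokens = [t for label in labels[:-1] for t in label.split("-") if t]
    ticketing = any(term in name for term in TICKET_TERMS)
    for token in tokens:
        for brand in BRANDS:
            if brand in token:
                return (brand, "brand on unofficial domain", ticketing)
            if edit_distance(token, brand) == 1:
                return (brand, "one-edit lookalike", ticketing)
    for term in EVENT_TERMS:
        if any(term in token for token in tokens):
            return (term, "event keyword", ticketing)
    return None

# The four domains listed on this page, followed by constructed benign entries.
SAMPLE = ["tickets.paris2024.biz", "pass-jeux.com", "gouuv.fr", "paris2024.date",
          "tickets.paris2024.org", "www.gouv.fr", "example.com"]

def hunt(domains):
    """Map each flagged domain to its classification."""
    return {d: hit for d in domains if (hit := classify(d))}

if __name__ == "__main__":
    for d, hit in hunt(SAMPLE).items():
        print(d, hit)
```

A one-edit threshold on a short term such as "gouv" will also flag unrelated short labels, so hits need analyst review before any blocking decision.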
Read more: https://blog.sekoia.io/securing-gold-hunting-typosquatted-domains-during-the-olympics/