Widespread financial scam campaigns involve new DNS hijacking method

Massive and sophisticated financial scams have been deployed by novel threat operation Savvy Seahorse through a traffic distribution system leveraging DNS canonical name records in a bid prevent takedown efforts, The Hacker News reports.

Individuals adept in English, Spanish, Italian, German, Czech, Turkish, French, Polish, and Russian have been targeted by the campaigns, which involved the use of social media platform ads redirecting to malicious websites, a report from Infoblox revealed. Savvy Seahorse has used bogus ChatGPT and WhatsApp bots to lure targets into providing their personal data to be part of allegedly high-return investment opportunities, according to researchers. "An important detail to note is the actor validates the user's information to exclude traffic from a predefined list of countries, including Ukraine, India, Fiji, Tonga, Zambia, Afghanistan, and Moldova, although their reasoning for choosing these specific countries is unclear," said researchers. Such findings follow a Guardio Labs report noting a widespread spam campaign facilitated by the compromise of thousands of legitimate domains via CNAME hijacking.