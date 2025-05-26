
New Cyber Threat 'Hazy Hawk' Hijacks Major Domains – Organizations are at Risk
(MENAFN- Procre8) DUBAI, UAE, 22nd May, 2025: Subdomain hijacking through abandoned cloud resources is an issue that probably every major organization has experienced, and these attacks are on the rise. Infoblox Threat Intel has tracked some of this activity to a threat actor, dubbed Hazy Hawk, that uses hijacked domains to conduct large-scale scams and malware distribution. This discovery highlights the critical need for organizations to manage their DNS records and cloud resources vigilantly.
What is Hazy Hawk?
Hazy Hawk is a sophisticated threat actor that hijacks forgotten DNS records from discontinued cloud services such as Amazon S3 buckets and Azure endpoints. By taking control of these abandoned resources, Hazy Hawk is able to host malicious URLs that lead unsuspecting users to scams and malware.
Identifying vulnerable DNS records in the cloud is significantly more challenging than identifying regular unregistered domains. As cloud usage has grown, the number of abandoned "fire and forget" resources has skyrocketed, especially at companies that do not use a comprehensive visibility and management solution for all the assets across their digital real estate.
Hazy Hawk has successfully hijacked subdomains of reputable organizations, including the U.S. Center for Disease Control (CDC), various government agencies, universities, and international companies since December 2024.
Hazy Hawk Details:
• Sophisticated Techniques: Unlike traditional domain hijackers, Hazy Hawk targets DNS misconfigurations in the cloud and must have access to commercial passive DNS services to do so
• Wide-Reaching Impact: The hijacked domains are used to distribute a variety of scams, including fake advertisements and malicious push notifications, affecting millions of users globally
• Economic Consequences: The scams facilitated by Hazy Hawk contribute to the multi-billion-dollar fraud market, with significant financial losses reported, particularly among the elderly population in the United States
• Obfuscation: Hazy Hawk uses layered defenses to protect their operations, including hijacking reputable domains, obfuscating URLs, and redirecting traffic through multiple domains
Protective Measures
To thwart threat actors like Hazy Hawk, organizations should implement robust DNS management practices, including regular audits of DNS records and prompt removal of records associated with discontinued cloud services. Additionally, users should be educated to deny push notification requests from unfamiliar websites to avoid falling victim to scams. For more information on Hazy Hawk, read the full research blog.
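The DNS audit recommended above can be sketched as follows. This is an added example, not code from Infoblox or the original release: it flags CNAME records that point at cloud-hosted endpoints missing from the organization's current asset inventory. The zone records, the inventory and the suffix list are constructed for illustration.

```python
"""Audit a DNS zone export for CNAMEs aimed at cloud resources no longer owned."""

# Cloud hostname suffixes to audit. Assumption: a short illustrative list;
# extend it with every provider and regional hostname form you actually use.
CLOUD_SUFFIXES = (
    ".s3.amazonaws.com",
    ".azurewebsites.net",
    ".cloudapp.azure.com",
    ".blob.core.windows.net",
    ".trafficmanager.net",
)

# Constructed sample zone export: (owner name, record type, target).
ZONE_RECORDS = [
    ("www.example.org.", "CNAME", "example-prod.azurewebsites.net."),
    ("promo2019.example.org.", "CNAME", "promo2019-assets.s3.amazonaws.com."),
    ("files.example.org.", "CNAME", "ExampleFiles.blob.core.windows.net."),
    ("mail.example.org.", "CNAME", "mail.provider.example."),
    ("api.example.org.", "A", "192.0.2.10"),
]

# Constructed inventory of cloud endpoints the organization still operates.
CLOUD_INVENTORY = {
    "example-prod.azurewebsites.net",
    "examplefiles.blob.core.windows.net",
}


def normalize(name):
    """Lower-case a DNS name and drop the trailing root dot for comparison."""
    return name.strip().rstrip(".").lower()


def find_dangling_candidates(records, inventory, suffixes=CLOUD_SUFFIXES):
    """Return (owner, target) for CNAMEs to cloud endpoints absent from inventory."""
    owned = {normalize(n) for n in inventory}
    findings = []
    for owner, rtype, target in records:
        if rtype.upper() != "CNAME":
            continue  # only alias records can be left dangling this way
        host = normalize(target)
        if host.endswith(suffixes) and host not in owned:
            findings.append((normalize(owner), host))
    return findings


if __name__ == "__main__":
    for owner, target in find_dangling_candidates(ZONE_RECORDS, CLOUD_INVENTORY):
        print(f"REVIEW: {owner} -> {target} (target not in cloud inventory)")
```

Each finding is a record to remove or re-point once the owning team confirms the cloud resource was decommissioned.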