ICYMI: This week DomainTools Investigations shared detection of phishing on a spoofed Ukroboronprom domain (Ukraine’s largest arms manufacturer). The domain was first seen on 12/20/24 and was hosted on GHOSTnet VPS. The Iris Pivot Engine identified nine other domains with the same website title and seen after 12/20/24. There is insufficient evidence to attribute this activity to a known actor; however, the activity likely has a cyber espionage motivation. DTI makes this assessment with moderate confidence based on the tactics, techniques, and procedures (TTPs) and the heavy focus on the defense and aerospace sectors. Read the full analysis here: https://lnkd.in/gUZkyhtR #Ukraine #CyberSecurity #Infosec #Phishing #Espionage #CyberEspionage
About us
DomainTools is the global leader for internet intelligence and the first place security practitioners go when they need to know. The world's most advanced security teams use our solutions to identify external risks, investigate threats, and proactively protect their organizations in a constantly evolving threat landscape. DomainTools constantly monitors the Internet and brings together the most comprehensive and trusted domain, website and DNS data to provide immediate context and machine-learning driven risk analytics delivered in near real-time. Visit domaintools.com to experience firsthand why DomainTools is the first stop for advanced security teams when they need to know.
- Website: https://www.DomainTools.com
- Industry: Computer and Network Security
- Company size: 51-200 employees
- Headquarters: Seattle, WA, Washington
- Type: Privately held
- Founded: 2004
- Specialties: Domain Ownership Records, Brand Protection, Whois Records, Threat Investigation, Cybercrime Investigation, Cyber Security Investigation, Whois History, Reverse Whois Lookup, Name Server Monitoring, Online Fraud Detection, and Threat Intelligence
Updates
-
DomainTools reposted this
Women's Month may be winding down — but Women in SaaS 2025 promised to keep the conversation going. To best support women in the industry, PartnerStack and our nine partners All Inclusive Marketing Inc., Carbon6, ContactMonkey, DomainTools, Fluincy, For Female Founders, Jane App, Pavilion and Pressbooks are continuing to amplify the good work women do in our ecosystem every day. At our panel (that passed the Bechdel test), with inspiring leaders Veronica Stonis, Breanne Charter, Ba?ak Büyük?elen and Jessie Shipman (moderated by Lydia H. and Chloe Tse) we launched Give Her Her Flowers — a digital way to recognize women you've worked with. Shout out the women you've worked with in your ecosystem who deserve to be recognized and added to the bouquet of impact! For every flower sent, PartnerStack will donate $1 to an org supporting women in tech. A lucky pair will win a free trip to our upcoming STACK'D event. Submit here: https://lnkd.in/g77fTp65 #womeninsaas #womeninsaas2025 #womenintech #B2BSaaS #partnerships
-
The latest episode of the Breaking Badness Cybersecurity Podcast is here! In this episode, host Kali Fencl welcomes Wes Young of CSIRT Gadgets, LLC and Daniel Schwalbe, CISO and Head of Investigations at DomainTools, to dive into a recent DomainTools Investigations (DTI) analysis involving ValleyRAT and Silver Fox, and how new tools are enabling faster, more accessible analysis for junior and seasoned analysts alike. Whether you're a threat intel veteran or an aspiring analyst, this episode is packed with hard-earned lessons, technical insights, and future-forward thinking. They also unpack the evolution of threat intelligence from early higher-ed days of wiki-scraped Snort rules to today’s graph-powered AI analysis. Wes shares the origin story behind his platform AlphaHunt, how it's being used to automate and enhance threat detection, and why community sharing remains essential even in an era of advanced tooling. Listen here: https://lnkd.in/dqky7fPj
-
As you're making your plans for the RSA Conference, remember you can escape the show floor and join us at the DomainTools hospitality lounge across the street from the Moscone convention center for refreshments*, food, and conversations with DomainTools and our Investigations team. Location: Spaces Mission & 3rd https://lnkd.in/gvdmW46A *Please note: our refreshments unfortunately do not have dancing abilities
-
"A large-scale phishing campaign has been targeting defense, aerospace and IT companies that support Ukraine’s military in its war against Russia, likely seeking to harvest credentials and sensitive intelligence about the nation’s war effort, according to findings made public Tuesday. The analysis from DomainTools Investigations — which tracks online website infrastructure to identify cyber threats — said the digital infrastructure of one U.S.-based technology firm and several defense and aerospace firms in the UK, France, South Korea, Turkey, Italy and Ukraine had been spoofed in the campaign." Read more from David DiMolfetta in Nextgov/FCW here: https://lnkd.in/gAn_e3bZ
-
DomainTools reposted this
Hey all, I've been tracking SMS spear-phishing for the past 2-3 years. In recent months, a lot of it has been coming from foreign phone numbers, Tencent / Alibaba infrastructure, spoofing & typo-squatting common brands with "com-" or "org-" etc, and relying on odd generic top-level domains like "top", "vip", "xin". Someone's definitely making their money back if each of these domains is $2-10 bucks a pop. Here's my repo which has a project which holds the IOCs and regexes for blocking via Pi-Hole: https://lnkd.in/eKKYmfae Special Thanks to DomainTools for giving me the opportunity to use their Iris Investigate tool! #CTI #OSINT #DomainTools
-
DomainTools reposted this
Great work by Raphael Satter here! (with a nod to DomainTools data, which always makes me proud as hell). https://lnkd.in/eNV_aBNd
-
DomainTools reposted this
Here is another installment of my occasional series "Where in the World is Daniel Schwalbe" - today with details about our upcoming DomainTools Investigations Closed Door Sessions next week in #Austin TX and #Boston MA. We have arranged for members of the InfoSec community to present previously unreleased research at the TLP:Amber and TLP:Red levels behind closed doors. My team and I will be there, and we hope to see you! There is still time to apply to attend at https://lnkd.in/gKqj7Epa , but space is limited - act now!
-
DomainTools reposted this
Fresh research from my team at DomainTools Investigations (DTI): Today we shared our latest analysis: “Phishing Campaign Targets Defense and Aerospace Firms Linked to Ukraine Conflict.” I already mentioned this in the latest edition of my Newsletter ( https://lnkd.in/gJJ7Hj5M ), but it deserves its own post: The infrastructure comprises a small number of mail servers, each supporting a set of domains designed to spoof that of a specific organization. These domains currently host webmail login pages likely intended to harvest credentials from targeted entities.
- The phishing infrastructure targets defense and aerospace entities linked to the Ukraine conflict.
- Infrastructure comprises a small number of mail servers supporting domains designed to spoof specific organizations.
- Likely intended to harvest credentials from targeted entities.
- Motivated by cyber espionage, focusing on intelligence related to the Ukraine/Russia conflict.
Read the full article here: https://lnkd.in/g-aaFJCS #CyberSecurity #Ukraine #ThreatIntelligence #Phishing #InfoSec #CyberEspionage
-
How can organizations better prepare against cyber espionage attacks? Tim Helming from the Breaking Badness Cybersecurity Podcast explains. Listen to the full episode wherever you get podcasts: Apple: https://lnkd.in/gyDSWP6J Spotify: https://lnkd.in/ggVpapVG YouTube: https://lnkd.in/gzrcmu8P Web: https://lnkd.in/g8Jebfex