💻 Following a series of high-profile compromises, CISA has issued an alert highlighting a sophisticated phishing campaign targeting prominent NPM repository developers. This isn't just a simple credential dump. Attackers are using multi-stage fake NPM login pages to steal passwords and successfully intercept the legitimate email OTP/MFA code in real-time. This tactic grants them full, authenticated access to compromise the codebase. Learn about the four stages of compromise in our latest article: https://lnkd.in/gixiNMnY #Cybersecurity #InfoSec #SupplyChain #NPM
DomainTools
Computer and Network Security
Seattle, WA, Washington 24,099 followers
Detect. Investigate. Prevent.
About us
DomainTools is the global leader for internet intelligence and the first place security practitioners go when they need to know. The world's most advanced security teams use our solutions to identify external risks, investigate threats, and proactively protect their organizations in a constantly evolving threat landscape. DomainTools constantly monitors the Internet and brings together the most comprehensive and trusted domain, website and DNS data to provide immediate context and machine-learning driven risk analytics delivered in near real-time. Visit domaintools.com to experience firsthand why DomainTools is the first stop for advanced security teams when they need to know.
- Website
- https://www.DomainTools.com
- Industry
- Computer and Network Security
- Company size
- 51-200 employees
- Headquarters
- Seattle, WA, Washington
- Type
- Privately Held
- Founded
- 2004
- Specialties
- Domain Ownership Records, Brand Protection, Whois Records, Threat Investigation, Cybercrime Investigation, Cyber Security Investigation, Whois History, Reverse Whois Lookup, Name Server Monitoring, Online Fraud Detection, and Threat Intelligence
Locations
- Primary: 2101 Fourth Avenue, Suite 1720, Seattle, WA, Washington 98121, US
- 2101 4th Ave, Seattle, WA 98121, US
Updates
-
How do you uncover the infrastructure behind state sponsored ransomware? DomainTools analysts used domain risk scoring and pivots off of DNS artifacts to expose hidden connections between Russian-affiliated threat groups. Read the full investigation: Mapping Hidden Alliances: https://lnkd.in/gRYg4WYb #ThreatIntelligence #APT #Ransomware #DomainTools #CyberOps
-
DomainTools gives you best-in-class DNS intelligence when and where you need it. Our solutions enhance your favorite TIP, SIEM, SOAR, E/XDR, and even LLM solutions with: 🚨Alert/Event Enrichment 🔮Domain Profiles and Predictive Risk Scoring 🔗Infrastructure Pivots 🔍Whois/RDAP Data Ready to learn more? Request a demo today to explore how DomainTools integrations can support your team: https://lnkd.in/gjdd76rX
-
Thanks to all that attended Ian Campbell and Malachi Walker’s #BSidesNoVA talks this morning. Please don’t hesitate to stop by our table and say hello 👋 !
-
Don’t miss Malachi Walker’s lightning talk on the relationships between F1 and surrounding cyber activities at 11:30 at #BSidesNoVA! In this presentation, he’ll share analysis from a sample of the thousands of domains and subdomains our investigations team have uncovered and its connection to infrastructure involved in phishing and malware. https://lnkd.in/gwMwPuuW
-
At 11:30 AM Ian Campbell is presenting on DNS and domain intelligence as it applies to investigative journalist investigations and related OSINT applications outside of cybersecurity. In related news, Allan Liska is selling Green Archer Comics “The Press Guardian”. We highly recommend checking out his table as well! https://lnkd.in/g-vjmYiB
-
Attending BSides NoVA? Be sure to say hello to Malachi Walker and Ian Campbell at the DomainTools table before their talks at 11:30!
-
💰New research from DomainTools Investigations reveals the infrastructure behind a coordinated wallet-drain scam targeting cryptocurrency investors. Our researchers found a well-coordinated scam spanning sketchy browser extensions, mobile profile phishing, and sham cryptocurrency trading platforms, all tied together by a single web of infrastructure including: 👉 A sham website disguised as a next generation healthcare initiative powered by blockchain and AI 👉 A malicious Apple configuration profile that masquerades as a new cryptocurrency trading app called Novacrypt 👉 A fake online cryptocurrency trading/investment platform Read the full investigation here: 🔗https://lnkd.in/gdcaZ8Cc #Crypto #DNS #Cybersecurity #Cybercrime
-
Our VP of Global Engagement, Debbie Hartman is speaking at the Virtual AI-Driven Enablement Summit on Oct 9, 2025. ⬇️ https://lnkd.in/gGGpN2Gu This summit presents a valuable opportunity to explore how enablement teams are leveraging AI to: 👉 Clean up content chaos 👉 Deliver coaching in the flow of work 👉 Prove impact without complicating the tech stack Expect tactical wins, real tools, and practitioner-led discussions that focus on honest conversations about what works and what doesn’t. https://lnkd.in/g89eJKYY
-
🚨New this week from DomainTools Investigations: Our researchers found a financially motivated cluster of over 80 spoofed domain names and lure websites disguised as age 18+ social media content, government tax sites, consumer banking, online gambling applications, and Windows assistant applications. Learn more here ➡️ https://lnkd.in/gK4vTnM6 #Cybersecurity #Cybercrime #ThreatIntel