Author | Lightnews

Request a Demo | DomainTools - Start here. Know now.

DomainTools @domaintools.bsky.social · 1d

DomainTools maximizes the value of OEM products by identifying up to 83% more malicious domains, 96% faster compared to industry-standard blocklists. Want to learn more? Schedule a conversation with us here: https://www.domaintools.com/demo/

Discover how DomainTools can enhance your organizations capabilities and stop threats before they happen. Request a DomainTools demo today.

Inside the Great Firewall Part 1: The Dump - DomainTools Investigations | DTI

DomainTools @domaintools.bsky.social · 6d

500GB+ of data from China's digital censorship infrastructure was leaked last month. In Part 1 of our analysis, DomainTools Investigations maps the implicated entities and initial attribution clusters.

🧵 Don't miss the thread.
https://dti.domaintools.com/inside-the-great-firewall-part-1-the-dump/

Analysis of the 500GB+ Great Firewall data breach revealing China’s state censorship network, VPN evasion tactics, and the operators behind it.

DomainTools Demo - DomainTools | Start Here. Know Now.

2

DomainTools @domaintools.bsky.social · 6d

Ransomware & phishing campaigns are evolving fast. DomainTools helps Federal defenders stay ahead by exposing the infrastructure behind the threats.
Schedule a demo today to learn how your team can use DNS intelligence to strengthen your cyber posture: https://www.domaintools.com/domaintools-demo/

Request a Demo | DomainTools - Start here. Know now.

DomainTools @domaintools.bsky.social · 7d

Year-end budgets are in play. Are you making them count? 🤔DomainTools integrations instantly enhance your security stack & deliver key DNS intelligence so you can:
🔍Enrich alerts
⚡Automate investigations
🗺️Map adversary infrastructure
Request a demo today! https://www.domaintools.com/demo/

Discover how DomainTools can enhance your organizations capabilities and stop threats before they happen. Request a DomainTools demo today.

Request a Demo | DomainTools - Start here. Know now.

DomainTools @domaintools.bsky.social · 8d

From NPM bypasses to crypto scam networks—October brought a wave of complexity, and we’ve got the full analysis.

Read and subscribe to October’s edition of the DomainTools Investigations Newsletter here: https://www.linkedin.com/newsletters/dt-investigations-news-7289801727560630273/

DomainTools @domaintools.bsky.social · 8d

Is your team maximizing it DNS intel? DomainTools helps defenders uncover adversary infrastructure before it becomes a threat. Download our Best Practices Guide for OEMs to learn how our data empowers proactive defense & delivers up to 17X ROI in the first year. https://ow.ly/VcEU50Xh3Le

DomainTools @domaintools.bsky.social · 9d

Tired of jumping between security tools? We’ve got you covered.

DomainTools integrates with your favorite SOC platforms to deliver comprehensive DNS intelligence. Get the right data where you need it.

Request a demo to see our integrations in action.
https://www.domaintools.com/demo/

Discover how DomainTools can enhance your organizations capabilities and stop threats before they happen. Request a DomainTools demo today.

Request a Demo | DomainTools - Start here. Know now.

DomainTools @domaintools.bsky.social · 12d

Get the intelligence you need, right where you work 💻 DomainTools integrates with your favorite tools to deliver:
🚨Alert/Event Enrichment
🔮Predictive Risk Scoring
🔗Infrastructure Pivots
🔍Whois/RDAP Data
See how our integrations support your team.
https://www.domaintools.com/demo/

Discover how DomainTools can enhance your organizations capabilities and stop threats before they happen. Request a DomainTools demo today.

Mapping Hidden Alliances in Russian-Affiliated Ransomware - DomainTools Investigations | DTI

DomainTools @domaintools.bsky.social · 13d

Government and military systems are among the highest-profile targets for attackers. Passive DNS data from DomainTools aids government agencies worldwide in gaining context on attacks against government or military infrastructure & networks. Learn more: https://youtu.be/NEf4hMR6qo8?t=130

DomainTools @domaintools.bsky.social · 13d

How do you uncover the infrastructure behind state sponsored ransomware? Our analysts used domain risk scoring to expose connections between Russian-affiliated threat groups. Read the full investigation: dti.domaintools.com/mapping-hidd... #ThreatIntel #APT #Ransomware #DomainTools #CyberOps

Explore the hidden web of Russian-affiliated ransomware groups through a visual map revealing human overlaps, shared infrastructure, and evolving cybercriminal alliances in the post-Conti era

SecuritySnack: Repo The Repo - NPM Phishing - DomainTools Investigations | DTI

DomainTools @domaintools.bsky.social · 20d

🚨NPM developers are being targeted by sophisticated phishing that defeats MFA.

Attackers use multi-stage fake login pages to steal both credentials and MFA/OTP codes. Account takeover is fast and silent.
Read more:
dti.domaintools.com/securitysnac...

#CyberSecurity #NPM #InfoSec

A deep dive into the 4-stage NPM phishing attack flow that led to high-profile repository account takeover. Protect your development security.

The Race Against New Threats: How Formula 1 Became a Hotbed of Cyber Activity

DomainTools @domaintools.bsky.social · 25d

Thanks to all that attended Ian Campbell and @mjwalk.bsky.social #BSidesNoVA talks this morning. Please don’t hesitate to stop by our table and say hello 👋 !

DomainTools @domaintools.bsky.social · 26d

Don’t miss @mjwalk.bsky.social lightening talk on the relationships between F1 and surrounding cyber activities at 11:30 at #BSidesNoVA!

bsidesnova-2025.sessionize.com/session/1000...

Cyber and racing enthusiasts alike: Start. Your. Engines! The evolution of technology used in Formula 1 (F1) racing has caused each vehicle on the track to become computers on wheels. Formula 1 may be...

bsidesnova-2025.sessionize.com

DomainTools @domaintools.bsky.social · 26d

At 11:30 AM Ian is presenting on DNS and domain intelligence as it applies to investigative journalist investigations. In related news, Allan Liska is selling “The Press Guardian”. We highly recommend checking out his table as well!

bsidesnova-2025.sessionize.com/session/1001...

DomainTools @domaintools.bsky.social · 26d

Attending #BSidesNoVA? Be sure to say hello to Malachi and Ian at the DomainTools table before their talks at 11:30!

Malachi and Ian standing at the DomainTools tabletop

DomainTools @domaintools.bsky.social · 27d

💰 One attacker, one IP address. DTI discovered a coordinated web of wallet-drain scams all traced back to the same infrastructure. Learn how one setup runs multiple scams.

Full report:

🔗 dti.domaintools.com/inside-a-cry...

#Crypto #Cybercrime #ThreatIntel

Inside a Crypto Scam Nexus - DomainTools Investigations | DTI

A massive crypto wallet-drain conspiracy links fake trading sites to a single criminal IP address. See our investigative deep dive into how these orchestrated scams are draining user funds.

SecuritySnack: 18+E-Crime - DomainTools Investigations | DTI

DomainTools @domaintools.bsky.social · Oct 3

New from DTI: A financially-motivated cluster of spoofed domains disguised as age 18+ social media content, government tax sites, consumer banking, and online gambling apps targeting Windows and Android users. Learn more ⬇️ dti.domaintools.com/securitysnac...

#cybercrime #cybersecurity #threatintel

Starting in September 2024, a financially motivated cluster of more than 80 spoofed domain names and lure websites began targeting users with fake applications and websites themed as government tax si...

Cybersecurity Reading List - Week of 2025-09-29 - DomainTools Investigations | DTI

DomainTools @domaintools.bsky.social · Sep 30

📖 Dive into this month's essential #cybersecurity reading list. Discover new research and articles from Google, The Record , @schneier.com , and more. Explore the list here: dti.domaintools.com/cybersecurit...

#InfoSec #ThreatIntel

Commentary followed by links to cybersecurity articles that caught our interest internally.

DT Investigations News | LinkedIn

3

DomainTools @domaintools.bsky.social · Sep 30

JUST DROPPED: Our Head of Investigations’ monthly newsletter!

📰This edition shares research on Salt Typhoon, the Kimsuky leak, PoisonSeed, and a banker trojan targeting android users in Southeast Asia: www.linkedin.com/newsletters/...

#Cybersecurity #ThreatIntel #InfoSec

Monthly updates featuring community-based research focused on Domain- and DNS-based attacks

www.linkedin.com

2

DomainTools @domaintools.bsky.social · Sep 29

Big news! Our Real-Time Threat Feeds are now available.

With feeds for high-risk and newly-discovered domains, you get instant, 97%+ Internet-wide visibility to strengthen your blue team and threat detection efforts.

Learn how: www.domaintools.com/resources/bl...

Proactive Defense with DomainTools Real-Time Feeds - DomainTools | Start Here. Know Now.

Stop domain-based threats before they start. Discover how DomainTools Real-Time Feeds deliver instant visibility into over 97% of the Internet, combining our predictive Risk Score with real-time updates for proactive cybersecurity.

Inside Salt Typhoon: China’s State-Corporate Advanced Persistent Threat - DomainTools Investigations | DTI

DomainTools @domaintools.bsky.social · Sep 25

DomainTools Investigations analyzed infrastructure and operational profiles for Salt Typhoon. Our research includes crucial intelligence for attribution, detection, and threat modeling. Read more here➡️ dti.domaintools.com/inside-salt-...

#ThreatIntel #SaltTyphoon #Cybersecurity #NationStateAPT

Salt Typhoon is a Chinese state-sponsored cyber threat group aligned with the Ministry of State Security (MSS), specializing in long-term espionage operations targeting global telecommunications infra...

Avoiding Activation Scams this Football Season - DomainTools | Start Here. Know Now.

DomainTools @domaintools.bsky.social · Sep 16

Football season is back, and so are the scammers! 🏈 Learn how to avoid activation scams spoofing services like ESPN & CBS, and get essential security tips for organizations and end-users. Read our latest research today:
https://bit.ly/4nr2o0W

Learn how to use the DomainTools real-time Feed API within Splunk. This API enables faster detection, more flexible integration, and rapid adaptation to threats.