A massive advertising fraud campaign, dubbed "SubdoMailing," exploits hacked subdomains of major brands to distribute up to 5 million malicious emails per day. This large-scale cyberattack highlights the vulnerability of security systems and the growing risks for internet users.
Prestigious names misappropriated for malicious purposes
Renowned brands such as MSN, VMware, McAfee, The Economist, Cornell University, CBS, NYC.gov, PwC, Pearson, Better Business Bureau, UNICEF, ACLU, Symantec, Java.net, Marvel, and eBay have fallen victim to this campaign. Hackers exploit the trust users place in these names to bypass spam filters and spread their fraudulent messages.
A sophisticated scheme to maximize profits
Cybercriminals use two main techniques to hack subdomains:
- CNAME attacks: They search for subdomains with CNAME records pointing to unregistered external domains, then register them themselves.

- Exploitation of SPF records: They use the include option in SPF records to import authorized email senders from external domains they now control.
By modifying the SPF records of hacked domains, hackers can make their emails appear to come from legitimate brands, thus increasing the likelihood that they will be opened by recipients.
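For domain owners, both techniques come down to a DNS record that still delegates trust to a domain nobody owns any more. The following is an added example, not part of the original article: a small Python audit over an exported zone. The zone records, the `REGISTERED` set (a stand-in for a registrar or WHOIS lookup) and the two-label `registrable` helper are assumptions made for illustration.

```python
# Constructed sample zone data: (owner name, record type, value).
ZONE = [
    ("www.brand.example", "CNAME", "brand.example."),
    ("promo.brand.example", "CNAME", "campaign.old-agency.example."),
    ("brand.example", "TXT", "v=spf1 include:_spf.mailhost.example -all"),
    ("news.brand.example", "TXT", "v=spf1 ip4:192.0.2.10 ?include:lapsed-sender.example ~all"),
    ("brand.example", "TXT", "site-verification=abc123"),
]

# Constructed stand-in for a registrar/WHOIS lookup: domains known to be registered.
REGISTERED = {"brand.example", "mailhost.example"}


def registrable(name):
    """Assumption: registrable domain = last two labels (use a public suffix list in practice)."""
    labels = name.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def spf_includes(txt):
    """Return the domains named by include: mechanisms in an SPF record, else []."""
    terms = txt.split()
    if not terms or terms[0].lower() != "v=spf1":
        return []
    found = []
    for term in terms[1:]:
        mech = term.lstrip("+-~?").lower()  # drop the optional SPF qualifier
        if mech.startswith("include:"):
            found.append(mech[len("include:"):])
    return found


def audit(zone, registered):
    """Flag records that delegate trust to a domain nobody currently owns."""
    findings = []
    for owner, rtype, value in zone:
        if rtype == "CNAME":
            targets = [("dangling-cname", value)]
        elif rtype == "TXT":
            targets = [("spf-include", d) for d in spf_includes(value)]
        else:
            targets = []
        for kind, target in targets:
            if registrable(target) not in registered:
                findings.append((kind, owner, registrable(target)))
    return findings


if __name__ == "__main__":
    for finding in audit(ZONE, REGISTERED):
        print(finding)
```

Each finding is a record to delete or repoint before the lapsed domain can be registered by someone else.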
A sprawling and constantly evolving network
SubdoMailing uses a vast network of 8,000 domains and 13,000 subdomains, 22,000 IP addresses, and a thousand residential proxies to distribute its fraudulent emails. The operation is run by a malicious actor, nicknamed "ResurrecAds," who constantly searches for new domains to hack and updates its infrastructure to maintain its effectiveness.
A considerable impact and increased risks for internet users
The scale of the SubdoMailing campaign is alarming. The fraudulent emails may contain links to phishing websites, malware, or scams. Users who click on these links risk losing their personal data, becoming infected with viruses, or being victims of financial theft.
How to protect yourself?
- Be vigilant: Be wary of emails from unknown addresses, even if they appear to be from a trusted brand.
- Never click on links in suspicious emails.
- Check the sender: Make sure the sender's email address matches the brand they claim to represent.
- Hover over the links before clicking them to display the actual URL.
- Use a high-performance antivirus and anti-spam program.
- Stay informed about the latest cybersecurity threats.
An urgent call to action
The SubdoMailing campaign highlights the need for increased collaboration between businesses, authorities, and internet users to combat cybercrime. Domain owners must take steps to protect their subdomains from hacking, and users must be educated about the risks and how to protect themselves.
In conclusion, the SubdoMailing cyberattack is a serious warning. It is essential that all stakeholders unite to counter the growing threat of cybercrime and protect internet users.



