Thursday, January 23, 2025
HomeCyber CrimeTriad Nexus, Chinese Hackers Using 200,000 Domains For Widespread Cyber Attack

Triad Nexus, Chinese Hackers Using 200,000 Domains For Widespread Cyber Attack

Published on

SIEM as a Service

Follow Us on Google News

Researchers identified FUNNULL, a Chinese CDN, as hosting malicious content, which includes fake trading apps for financial fraud, gambling sites likely used for money laundering, and phishing login pages targeting luxury brands. 

The gambling sites use algorithmically generated domains and Tether cryptocurrency, possibly to bypass blocking and facilitate cross-border money flows. 

FUNNULL acquired polyfill.io, a JavaScript library used by major websites, raising concerns about potential supply chain attacks, lacks a clear takedown process and uses bulletproof hosting tactics, making it difficult to remove malicious content. 

An error page with a consistent theme referencing FUNNULL
An error page with a consistent theme referencing FUNNULL

A significant global financial fraud campaign leveraging the FUNNULL CDN infrastructure and hosts a vast array of malicious content, including fake trading apps impersonating reputable financial institutions, fraudulent job scams, and numerous suspect gambling websites. 

2024 MITRE ATT&CK Evaluation Results for SMEs & MSPs -> Download Free Guide

The threat actors employ Domain Generation Algorithms (DGAs) to generate a high volume of unique hostnames, obscuring their malicious activities. 

Its extensive network of Points of Presence (PoPs) distributed across various regions, including major cloud providers like Microsoft and Amazon, facilitates the rapid deployment and dissemination of these fraudulent schemes.

FUNNULL CNAME chains
FUNNULL CNAME chains

FUNNULL, a CDN service with ties to ACB Group, has been implicated in facilitating online gambling activities, as the company operates out of China and caters to a niche market, offering discounted rates for bulk domain management. 

Many gambling websites, including those associated with Suncity Group, a company involved in illegal gambling and money laundering, are hosted on FUNNULL’s servers, suggesting that FUNNULL may be complicit in these illicit activities, potentially violating Chinese laws and international regulations. 

ACB Group public webpage
ACB Group public webpage

An investigation by Silent Push into Suncity Group’s online gambling operations revealed a large network of websites hosted on the FUNNULL content delivery network (CDN). 

It led to the discovery of a GitHub account “xianludh” containing templates for these gambling sites, which suggests a single source creating a significant portion of FUNNULL-hosted content. 

Further investigation of the “xianludh” repository uncovered a page mentioning money laundering and linking to Telegram channels promoting “money-moving” networks, which appear to be facilitated by FUNNULL-hosted websites as well, suggesting a connection between Suncity’s gambling and potential money laundering activities. 

“xianludh” template found on GitHub
“xianludh” template found on GitHub

A large-scale phishing campaign targeting major retail brands, as the attacks, orchestrated by a threat actor leveraging the FUNNULL CDN, involved malicious login pages designed to steal user credentials. 

In order to obtain sensitive information, these phishing websites, which were frequently hosted on subdomains of compromised domains, carried out similar techniques. 

The FUNNULL CDN has also been implicated in other cyberattacks, including a supply chain attack targeting over 110,000 websites through the polyfill.io library, which highlights the potential risks associated with using less reputable CDNs and underscores the importance of vigilant security practices to protect against such threats.

Investigate Real-World Malicious Links, Malware & Phishing Attacks With ANY.RUN – Try for Free

Aman Mishra
Aman Mishra
Aman Mishra is a Security and privacy Reporter covering various data breach, cyber crime, malware, & vulnerability.

Latest articles

Critical Vulnerability in Next.js Framework Exposes Websites to Cache Poisoning and XSS Attacks

A new report has put the spotlight on potential security vulnerabilities within the popular...

New Cookie Sandwich Technique Allows Stealing of HttpOnly Cookies

The "Cookie Sandwich Attack" showcases a sophisticated way of exploiting inconsistencies in cookie parsing...

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

GhostGPT – Jailbreaked ChatGPT that Creates Malware & Exploits

Artificial intelligence (AI) tools have revolutionized how we approach everyday tasks, but they also...

Tycoon 2FA Phishing Kit Using Specially Crafted Code to Evade Detection

The rapid evolution of Phishing-as-a-Service (PhaaS) platforms is reshaping the threat landscape, enabling attackers...

Microsoft Unveils New Identity Secure Score Recommendations in General Availability

Microsoft has announced the general availability of 11 new Identity Secure Score recommendations in...