Wednesday, April 23, 2025
HomeInfosec- ResourcesDomain Fronting - A New Technique For Hiding Malware Command and Control...

Domain Fronting – A New Technique For Hiding Malware Command and Control (C2) Traffic within a Content Delivery Network

Published on

SIEM as a Service

Follow Us on Google News

A New Technique called ” Domain Fronting “  allow cybercriminals to hide the command & control Networks Traffic within a CDN. It acts as a mask for  C&C networks and widely used advanced Technique for Malware Evasion.

“A content delivery network (CDN) is a system of distributed servers (network) that deliver pages and other Web content to a user, based on the geographic locations of the user, the origin of the web page and the content delivery server.”

There are many CND’s performing this content Delivery operation including CloudFlare, Akamai, Azure, Amazon.

- Advertisement - Google News

This Method Affected by Many  CND’s and major impact has been Identified in Akamai Technologies which carried the highly significant amount of traffic of various HIgh reputation domains through which we can mask our traffic.

According to Akamai, their CDN carries 15-30% of the world’s web traffic, and it is extremely common to see outbound traffic to Akamai’s network from almost any potential target. This makes Akamai’s CDN a prime target for this new approach to domain fronting.

Domain Fronting Working Method

Also Read    Using n1n3 to Simulate an evasive “Fileless” Malware – Proof Of Concept

TOR Project used For Domain Fronting

Tor Project used to implement the Domain Fronting to evade censorship in Different Countries where the internet Restriction that denies accessing the Particular Website which serves under the Content Delivery Networks.

One specific Akamai domain (a248.e.akamai.net) was in use by the Tor project to bypass China’s internet restrictions and was later blocked in China, as it was used bypass the country’s content filtering controls.Cyber Ark said.

Few months before CyberArk explained about this Domain Fronting says, There are 1000 of Domains are affected by this Domain Fronting Method includes domains for Fortune 100 companies.

Two Requirements of Domain Fronting

As an Attacker, you need two Requirements for Successfully implementing the DF For Evade the Traffic of Command & Control.

  • A two-way, persistent read-write mechanism (system or application) must be hosted by the CDN. Which means to utilize the list of an application hosted by the CDN to exchange instructions and data with Attacker.
  • Malware must be specially crafted to use this C2 channel, and users’ machines must be infected with this malware.

Implementing Malware Command and Control 

CyberArk Conclude that This C2 evasion technique emphasizes the point that attackers, insiders or external actors, will find ways to establish a foothold within the network.

The CDN could also give each domain virtual IP addresses that are tied to a specific SSL certificate. This stops malware from nesting in CDNs, but there are simply not enough public IPv4 addresses to make this happen.

Also Read   Hackers Increasing the use of “Command Line Evasion and obfuscation” to Spread Advance Level Threats

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Hackers Exploit Cloudflare Tunnel Infrastructure to Deploy Multiple Remote Access Trojans

The Sekoia TDR (Threat Detection & Research) team has reported on a sophisticated network...

Threat Actors Leverage npm and PyPI with Impersonated Dev Tools for Credential Theft

The Socket Threat Research Team has unearthed a trio of malicious packages, two hosted...

Hackers Exploit Legitimate Microsoft Utility to Deliver Malicious DLL Payload

Hackers are now exploiting a legitimate Microsoft utility, mavinject.exe, to inject malicious DLLs into...

Cybercriminals Exploit Network Edge Devices to Infiltrate SMBs

Small and midsized businesses (SMBs) continue to be prime targets for cybercriminals, with network...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Is this Website Safe: How to Check Website Safety – 2025

is this website safe? In this digital world, Check a website is safe is...

LegionLoader Abusing Chrome Extensions To Deliver Infostealer Malware

LegionLoader, a C/C++ downloader malware, first seen in 2019, delivers payloads like malicious Chrome...

PentestGPT – A ChatGPT Powered Automated Penetration Testing Tool

GBHackers come across a new ChatGPT-powered Penetration testing Tool called "PentestGPT" that helps penetration...