1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Experts flag a huge amount of cyberattacks coming from this unexp

    From TechnologyDaily@1337:1/100 to All on Tuesday, July 08, 2025 16:15:07
    Experts flag a huge amount of cyberattacks coming from this unexpected domain

    Date:
    Tue, 08 Jul 2025 15:02:00 +0000

    Description:
    Cybersecurity researchers have observed a huge spike in the use of .es TLDs
    in recent months, mostly to host phishing campaigns.

    FULL STORY ======================================================================Experts observe a 19x quarter-over-quarter rise in .es usage for malicious campaigns 99% were credential phishing attacks, with 1% relating to remote access trojans Microsoft was by far the most commonly impersonated brand

    Cybersecurity experts from Cofense have revealed a 19x increase in malicious campaigns using .es domains between Q4 2024 and Q5 2025, making it the third-most abused top-level domain (TLD) after .com and .ru.

    Typically reserved for businesses and organizations in Spain, or Spanish-speaking audiences, researchers found nearly 1,400 malicious subdomains across nearly 450 .es base domains between January and May.

    An overwhelming majority (99%) of the campaigns involved credential phishing, with most of the remaining 1% delivering remote access trojans (RATs) like ConnectWise RAT, Dark Crystal and XWorm. .es domains are proving popular for phishing attacks

    Although the rise of .es domains in cyberattacks is noteworthy, attack
    vectors remain unchanged. Malware was seen to be delivered by C2 nodes or spoofed emails, with most (95%) impersonating Microsoft (an attacker's favorite). Adobe, Google, Docusign and the Social Security Administration
    made up the top-five most commonly impersonated websites. Email lures often mimicked HR and document-related requests.

    Interestingly, the malicious .es subdomains were randomly generated, not crafted manually, making them easier to identify as being fake. Examples include ag7sr[.]fjlabpkgcuo[.]es and gymi8[.]fwpzza[.]es.

    Despite researchers suggesting that no similarities can be used to link attacks to a single group, 99% of the malicious .es domains were hosted on Cloudflare.

    "If one threat actor or threat actor group were taking advantage of .es TLD domains then it is likely that the brands spoofed in .es TLD campaigns would indicate certain preferences by the threat actors," the researchers wrote.

    Cofense explained that "significant restrictions" on the usage of .es TLDs were in place until 2005, adding that the recent rise in .es-related attacks could be a cause for concern, marking a new trend exploiting the authority that country-related TLDs unofficially carry. You might also like We've
    listed the best identity theft protection services Keep yourself protected online by installing the best business VPN ChatGPT and other AI tools could
    be putting users at risk by getting company web addresses wrong



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/experts-flag-a-huge-amount-of-cyberatta cks-coming-from-this-unexpected-domain


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)