SolarWinds Attackers Gear Up for Typosquatting AttacksSolarWinds Attackers Gear Up for Typosquatting Attacks

The same infrastructure traced back to Russian-speaking threat group Nobelium is being used to set up misspelled domain names, presaging impersonation attacks bent on credential harvesting, analysts say.

Dark Reading Staff, Dark Reading

May 3, 2022

1 Min Read
Source: Panther Media GmbH via Alamy

A typosquatting campaign intended to abuse popular brands is in the works, likely tied to Nobelium, the notorious Russian-state-backed group behind the SolarWinds attacks.

Recorded Future in its latest research is warning that the attackers are using infrastructure similar to that known to be used by Nobelium, to set up their command-and-control (C2) servers. 

This time, the group is preying on users looking online for specific brands who enter common spelling errors or "typos" in the URL. Those misspelled domain names are purchased by threat actors, who stand up spoofed sites to trick people into giving up their credentials, credit-card details, and more. 

"A key factor we have observed from Nobelium operators involved in threat activity is a reliance on domains that emulate other brands (some legitimate and some that are likely fictitious businesses)," the Recorded Future team explained in their report. "Domain registrations and typosquats can enable spearphishing campaigns or redirects that pose a threat to victim networks and brands."

About the Author

Dark Reading Staff

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

See more from Dark Reading Staff
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Human finger pointing to the word "deepseek" in blue on a computer screen with the words "into the unknown" under it
Cyber Risk
DeepSeek AI Fails Multiple Security Tests, Raising Red Flag for BusinessesBiz Beware: DeepSeek AI Fails Multiple Security Tests
byElizabeth Montalbano, Contributing Writer
Feb 11, 2025
4 Min Read
Binary code floating trough space on an angle
Cyberattacks & Data Breaches
Salt Typhoon's Impact on the US & BeyondSalt Typhoon's Impact on the US & Beyond
byMichael McLaughlin, Jillian Cashand 1 more
Feb 11, 2025
4 Min Read
Five heads on matchsticks; flames grew higher toward the right of image
Cybersecurity Operations
Analyst Burnout Is an Advanced Persistent ThreatAnalyst Burnout Is an Advanced Persistent Threat
byWilliam MacMillan
Feb 10, 2025
4 Min Read
Reports
More Reports
Webinars
More Webinars
White Papers
More Whitepapers
Events
More Events