The article discusses a significant cloud DNS takeover campaign conducted by a suspected Chinese operator, targeting 163 organizations across various sectors, including government and healthcare. The attack involves SEO poisoning by exploiting abandoned cloud DNS delegations, hijacking enterprise subdomains to host Thai gambling content and manipulate search engine rankings.
Researchers from Cyble found that the attackers systematically claimed orphaned DNS zones under new Azure subscriptions, generating legitimate-looking content with Let's Encrypt certificates. The operation leverages a centralized system to filter traffic from specific geographies, particularly Thailand, to optimize their income through affiliate marketing. Security teams are urged to audit their DNS records and improve decommissioning practices to prevent similar attacks.
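The audit the article recommends, as an added example that is not from the article or from Cyble's research: it flags subdomains whose NS records still delegate to a managed cloud DNS pool (Azure DNS suffixes assumed here) while every server in that pool refuses the zone, which is what an abandoned delegation looks like from outside. The NS data and the responses are constructed samples, and the resolver is injectable so the check runs offline.

```python
# Added example, not from the article or Cyble's research: an audit for dangling
# cloud DNS delegations. A subdomain whose NS records still point at a managed
# provider pool, while every server in that pool refuses the zone, is an
# abandoned delegation. `stub_query` returns constructed answers to run offline.
from dataclasses import dataclass

# Constructed sample: NS records published by the parent zone for each subdomain.
SAMPLE_DELEGATIONS = {
    "portal.example.gov": ["ns1-01.azure-dns.com.", "ns2-01.azure-dns.net."],
    "legacy.example.gov": ["ns1-05.azure-dns.com.", "ns2-05.azure-dns.net."],
    "www.example.gov": ["ns1.example.gov.", "ns2.example.gov."],
}
# Constructed sample: response code each delegated server returns for the zone.
SAMPLE_RESPONSES = {
    ("ns1-01.azure-dns.com.", "portal.example.gov"): "NOERROR",
    ("ns2-01.azure-dns.net.", "portal.example.gov"): "NOERROR",
    ("ns1-05.azure-dns.com.", "legacy.example.gov"): "REFUSED",  # zone deleted
    ("ns2-05.azure-dns.net.", "legacy.example.gov"): "REFUSED",
    ("ns1.example.gov.", "www.example.gov"): "NOERROR",
    ("ns2.example.gov.", "www.example.gov"): "NOERROR",
}
# Azure DNS name-server suffixes; add other providers' pools as needed.
CLOUD_NS_SUFFIXES = (".azure-dns.com.", ".azure-dns.net.", ".azure-dns.org.", ".azure-dns.info.")
NOT_HOSTED = {"REFUSED", "SERVFAIL"}

def stub_query(nameserver: str, zone: str) -> str:
    """Offline stand-in for an SOA query sent directly to `nameserver`."""
    return SAMPLE_RESPONSES.get((nameserver, zone), "SERVFAIL")

@dataclass
class Finding:
    zone: str
    nameservers: list
    rcodes: list
    dangling: bool

def audit_delegations(delegations: dict, query=stub_query) -> list:
    """Return one Finding per delegated subdomain."""
    findings = []
    for zone, servers in delegations.items():
        rcodes = [query(ns, zone) for ns in servers]
        cloud_pool = all(ns.lower().endswith(CLOUD_NS_SUFFIXES) for ns in servers)
        # Managed pool and every server refuses the zone: the zone no longer
        # exists at the provider, so remove the NS records or recreate the zone.
        dangling = cloud_pool and all(rc in NOT_HOSTED for rc in rcodes)
        findings.append(Finding(zone, servers, rcodes, dangling))
    return findings

def dangling_zones(delegations: dict, query=stub_query) -> list:
    return [f.zone for f in audit_delegations(delegations, query) if f.dangling]
```

For a live audit, replace `stub_query` with a function that sends an SOA query for the zone straight to the delegated server (for example with dnspython's `dns.query.udp`) and returns the response code as a string.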