Stealth Phishing Campaign Lurks for 3+ Years on Google Cloud and Cloudflare

A sophisticated, industrial-scale phishing and brand-impersonation operation has quietly exploited Google Cloud (Nasdaq: GOOG) and Cloudflare (NYSE: NET) infrastructure since at least 2021, researchers at Deep Specter revealed.

Leveraging abandoned or expired domains, threat actors have spun up more than 48,000 virtual hosts across 86 clusters, pairing each with cloned websites of major global brands, including Lockheed Martin, while serving illicit content, such as gambling and malware distribution pages, to unsuspecting users.

Exploiting Expired Domains and Advanced Cloaking Techniques

The attack chain begins when an organization fails to renew a domain name. The adversary acquires the lapsed domain and configures it on Google Cloud or Cloudflare, routing traffic through the provider’s high-trust network.

[Figure: Military fighter jets Facebook community]

Using a cloaking technique, the platform inspects each incoming request’s User-Agent header and geolocation metadata: search engine crawlers, corporate monitoring tools, and visitors from whitelisted IP ranges see a pristine clone of the legitimate brand’s site, while all other visitors are funneled to gambling pages or malware payloads.

This black-hat SEO approach evades detection and manipulates search rankings, ensuring the malicious infrastructure remains indexed and accessible.
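The cloaking behaviour described above can be checked for from the defender's side by requesting a suspect host with several client profiles and comparing what each one receives. The following is an added example, not code from the article or from Deep Specter; the hostnames, User-Agent strings and response bodies are constructed so it runs offline, and in a real check the probes would be populated from actual HTTP fetches.

```python
import hashlib
import re
from dataclasses import dataclass
from urllib.parse import urlsplit


@dataclass(frozen=True)
class Probe:
    """One request/response pair for a given client profile (constructed data)."""
    label: str        # which client profile the request imitated
    user_agent: str
    region: str       # coarse geolocation of the requesting IP
    status: int
    final_url: str    # URL reached after following HTTP redirects
    body: str


# Constructed responses from a hypothetical suspect host "example-brand.test".
PROBES = [
    Probe("search-crawler", "Googlebot/2.1 (+http://www.google.com/bot.html)", "US", 200,
          "https://example-brand.test/",
          "<html><title>Example Brand</title><p>Defense systems</p></html>"),
    Probe("corporate-scanner", "BrandMonitor/1.0", "US", 200,
          "https://example-brand.test/",
          "<html><title>Example Brand</title><p>Defense  systems</p></html>"),
    Probe("mobile-visitor", "Mozilla/5.0 (Linux; Android 13) Chrome/120 Mobile", "BR", 302,
          "https://bet-landing.test/promo",
          "<html><title>Bet now</title></html>"),
    Probe("desktop-visitor", "Mozilla/5.0 (Windows NT 10.0) Chrome/120", "DE", 200,
          "https://example-brand.test/",
          "<html><script>location='https://bet-landing.test/promo'</script></html>"),
]

# Profiles a cloaking platform typically shows the "clean" clone to.
TRUSTED_LABELS = {"search-crawler", "corporate-scanner"}


def fingerprint(body: str) -> str:
    """Collapse whitespace and hash so trivially different renders compare equal."""
    normalized = re.sub(r"\s+", " ", body).strip().lower()
    return hashlib.sha256(normalized.encode()).hexdigest()[:16]


def offsite_redirect(probe: Probe, expected_host: str) -> bool:
    """True if the probe ended on another host, via HTTP redirect or a JS hop."""
    if urlsplit(probe.final_url).hostname != expected_host:
        return True
    # crude check for a client-side redirect embedded in the body
    pattern = r"location\s*=\s*['\"]https?://(?!%s)" % re.escape(expected_host)
    return bool(re.search(pattern, probe.body, re.I))


def detect_cloaking(probes, expected_host):
    """Compare what trusted profiles saw against what ordinary visitors saw.

    Returns the baseline fingerprint set built from trusted profiles, the labels
    of probes whose response diverged (different content or redirected away
    from the expected host), and an overall cloaked flag.
    """
    trusted = [p for p in probes if p.label in TRUSTED_LABELS]
    baseline = {fingerprint(p.body) for p in trusted}
    divergent = []
    for p in probes:
        if p.label in TRUSTED_LABELS:
            continue
        if fingerprint(p.body) not in baseline or offsite_redirect(p, expected_host):
            divergent.append(p.label)
    return {"baseline": baseline, "divergent": divergent, "cloaked": bool(divergent)}


if __name__ == "__main__":
    print(detect_cloaking(PROBES, "example-brand.test"))
```

The comparison deliberately ignores whitespace differences so that two renders of the same clone are not reported as divergence, and it treats both a server-side redirect and a script-driven hop to another host as a cloaking signal, since either one means the ordinary visitor never sees the page the crawler indexed.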

Deep Specter’s findings highlight that brands unknowingly continue serving content to malicious clones on the same cloud networks, creating exposure under GDPR, DMCA, FTC, and SEC disclosure requirements.

In total, more than 265 public detections went unaddressed by the cloud providers, suggesting a willful blindness to long-term abuse.

[Figure: The trend in graph: hosts as main line, others overlapped, normalized (2021–2025)]

As the phishing-as-a-service infrastructure evolves through at least seven generations of code, these platforms risk regulatory penalties and reputational damage unless they implement continuous HTTP-header monitoring, aggressive domain-expiration alerts, and real-time fingerprint-based takedown systems.

Without these measures, brand-trusted services will remain unwitting accomplices to one of the internet’s longest-running phishing campaigns.
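One concrete form of the continuous HTTP-header monitoring recommended above is to watch the brand's own access logs for asset requests whose Referer points at a domain the brand does not own, which is how a clone hosted elsewhere shows up while it is still hotlinking logos and stylesheets from the real site. The block below is an added example and not code from the article or from Deep Specter; the log lines, hostnames and the set of owned domains are constructed placeholders.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed combined-format access log lines for the brand's own web server.
# Not real data: every host and address is a documentation placeholder.
LOG_LINES = [
    '203.0.113.5 - - [10/Jun/2025:10:01:02 +0000] "GET /assets/logo.svg HTTP/1.1" 200 1420 '
    '"https://example-brand.test/products" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Jun/2025:10:01:05 +0000] "GET /assets/logo.svg HTTP/1.1" 200 1420 '
    '"https://example-brand-careers.test/jobs" "Mozilla/5.0"',
    '192.0.2.44 - - [10/Jun/2025:10:02:11 +0000] "GET /assets/hero.jpg HTTP/1.1" 200 88000 '
    '"https://expired-partner-site.test/" "Mozilla/5.0"',
    '192.0.2.45 - - [10/Jun/2025:10:02:13 +0000] "GET /assets/logo.svg HTTP/1.1" 200 1420 '
    '"https://expired-partner-site.test/" "Mozilla/5.0"',
    '192.0.2.46 - - [10/Jun/2025:10:02:20 +0000] "GET /assets/site.css HTTP/1.1" 200 5100 '
    '"http://expired-partner-site.test/login" "Mozilla/5.0"',
    '203.0.113.9 - - [10/Jun/2025:10:03:00 +0000] "GET /assets/site.css HTTP/1.1" 200 5100 '
    '"-" "Mozilla/5.0"',
]

# Hostnames the brand legitimately controls (hypothetical).
OWNED_HOSTS = {"example-brand.test", "example-brand-careers.test"}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Parse one combined-format log line into a dict, or None if malformed."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_foreign_referers(lines, owned_hosts, asset_prefix="/assets/", threshold=2):
    """Count asset requests whose Referer host is not one the brand owns.

    Returns a Counter of foreign Referer hosts that sourced at least
    `threshold` asset requests. Requests with an empty or "-" Referer are
    ignored because browsers legitimately omit it in many situations.
    """
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["path"].startswith(asset_prefix):
            continue
        ref = rec["referer"]
        if ref in ("", "-"):
            continue
        host = urlsplit(ref).hostname
        if host is None:
            continue
        if host in owned_hosts or any(host.endswith("." + h) for h in owned_hosts):
            continue
        counts[host] += 1
    return Counter({h: n for h, n in counts.items() if n >= threshold})


if __name__ == "__main__":
    for host, n in find_foreign_referers(LOG_LINES, OWNED_HOSTS).most_common():
        print(f"{host}: {n} asset requests")
```

Run against a real log stream, a host that appears here for the first time is the signal worth correlating with expired-domain records: if it was once the brand's own domain, the clone is serving from a lapsed name, which is exactly the pattern the article describes.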


The post Stealth Phishing Campaign Lurks for 3+ Years on Google Cloud and Cloudflare appeared first on Cyber Security News.