Hazy Hawk Exploits DNS Records to Hijack CDC, Corporate Domains for Malware Delivery
Briefly

The article discusses the threat actor Hazy Hawk, which targets high-profile organizations by hijacking abandoned cloud resources on platforms like Amazon S3 and Microsoft Azure. By exploiting misconfigurations in DNS records, Hazy Hawk has redirected the organizations' domains to distribute scams and malware. The threat was first noted by Infoblox in early 2025 after control over CDC sub-domains was compromised. Hazy Hawk has since targeted various global entities, including government agencies and large corporations. Infoblox emphasizes the unexpected criminal use of these reputable domains, whose reputation ultimately protects the activity from detection.
A threat actor known as Hazy Hawk is hijacking abandoned cloud resources from major organizations, leveraging misconfigurations in DNS records to promote scams and malware.
Remarkably, these hijacked domains, although linked to esteemed organizations, are not used for espionage but instead direct users to scams and fake applications.
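For defenders, the misconfiguration described above can be audited by comparing DNS records against the cloud resources an organization still owns. The following is an added example, not code from the article or from Infoblox; the suffix list, the zone-export format, the `OWNED` inventory and all record names are constructed assumptions.

```python
# Added example: offline audit for CNAME records that still point at
# cloud resources the organization no longer owns. All data is constructed.

# Assumption: a small sample of cloud hosting suffixes; extend for your estate.
CLOUD_SUFFIXES = (
    ".s3.amazonaws.com",
    ".azurewebsites.net",
    ".blob.core.windows.net",
    ".cloudapp.azure.com",
    ".trafficmanager.net",
)

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.strip().lower().rstrip(".")

def parse_cnames(zone_text):
    """Yield (owner, target) for each CNAME line in a simple zone export."""
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # strip zone-file comments
        if "CNAME" in fields:
            i = fields.index("CNAME")
            if i >= 1 and i + 1 < len(fields):
                yield norm(fields[0]), norm(fields[i + 1])

def find_dangling(zone_text, resource_exists):
    """Return CNAMEs whose cloud-hosted target fails `resource_exists`."""
    findings = []
    for owner, target in parse_cnames(zone_text):
        if target.endswith(CLOUD_SUFFIXES) and not resource_exists(target):
            findings.append((owner, target))
    return findings

# Constructed zone export for a placeholder domain.
SAMPLE_ZONE = """\
; constructed records for example.org
www.example.org.     300 IN CNAME example-web.azurewebsites.net.
assets.example.org.  300 IN CNAME example-assets.s3.amazonaws.com.
old.example.org.     300 IN CNAME example-retired.azurewebsites.net.
mail.example.org.    300 IN CNAME mail.example.net.
"""
# Constructed inventory of cloud endpoints the organization still owns.
OWNED = {"example-web.azurewebsites.net"}

if __name__ == "__main__":
    for owner, target in find_dangling(SAMPLE_ZONE, OWNED.__contains__):
        print(f"dangling: {owner} -> {target}")
```

Checking against an ownership inventory rather than a DNS lookup matters for S3-style targets, where the hostname can still resolve after the bucket itself has been deleted.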
Read at The Hacker News