Researchers at Cyjax have released a report outlining a new threat actor named Fangxiao. According to research the group is behind the creation of 42,000 domains that impersonate at least 400 major brand across the world. The for-profit group has been around since 2017, and uses their created websites to drive traffic to them, making a profit either through their web visits or by directing traffic to the websites of others. All of the websites are used to impersonate brands and set up scams such as winning free products or offering free software in order to persuade the victim to download the Triada Trojan or other malware.
The group is suspected to be based out of China, based on observations researchers have made regarding the language used by the threat group. Approximately 300 new domains are registered by the group daily, which can have detrimental effects on the customers of these legitimate brands as well as values of the targeted brands themselves. Companies should ensure they are monitoring for these fraudulent domains being created. By using a service such as the Binary Defense Counterintelligence team to search for, identify, and report on these domains, companies can ensure that typo-squatted domains are identified and addressed quickly before it can affect customers.