Threat Actors Turn to Blockchain Infrastructure to Host & Hide Malicious Activity

In a troubling trend for enterprises and law enforcement, threat actors are ramping up their use of blockchain domains to hide malicious activity and improve their ability to withstand takedown efforts. Security vendor FireEye says it has observed an uptick in interest in cryptocurrency infrastructure in the cyber underground over the last year.

Many different software families have been reconfigured to use blockchain domains for command and control infrastructure, according to FireEye. The main advantage for threat actors in using blockchain domains is that the domains they register have no central authority, such as the Internet Corporation for Assigned Names and Numbers (ICANN) or other third-party registrars.

Read more about how .bit domains are increasingly being used to hide payloads, stolen data, and command and control servers on DarkReading.




