KnowBe4 has observed a 98% rise in phishing campaigns hosted on Russian (.ru) top-level domains (TLDs) from December 2024 to January 2025, primarily used for credential harvesting.
These Russian .ru domains are run by so-called “bullet-proof” hosting providers, which are known to keep malicious domains running and ignore abuse reports, making them ideal for cybercriminals.
Many of the phishing emails that we identified and investigated had passed through one or more security products including Exchange Online Protection, Barracuda Email Security Gateway, Mimecast, and Cisco Ironport.
KEY FINDINGS
- 98% increase in phishing sites using .ru TLDs from December 2024 to January 2025
- 1,500 unique .ru domains identified as part of the campaign
- 377 new domains registered with “bulletproof” registrar R01-RU
- More than 13,000 malicious emails with the domain were reported
- 2.2% of observed emails from .ru domains were phishing emails
- 7.4 days average age of a .ru domain
You can get the full details here.
This entry was posted on March 17, 2025 at 10:14 am and is filed under Commentary with tags KnowBe4.
KnowBe4 Sees 98% Spike in Phishing Campaigns Leveraging Russian (.ru) Domains