Commencing April, we noticed a surge in phishing spam emissions leveraging residential proxy networks, akin in scale and speed to the heydays of botnet spam in the 2000s. 📈 🤖 Looking closer, we assess this is a major shift of a persistent China-nexus threat actor predominantly targeting Japan, emancipating themselves from disseminating phishing via subnets at several branches of China Telecom and China Unicom. ⤵️
🇳🇱 Netherlands-based Delft University of Technology (TU DELFT) has left itself wide open to abuse by spammers due to an open redirector vulnerability. Their site currently allows user-supplied href= parameters, meaning attackers can redirect visitors through TU DELFT's trusted domain to an external (and likely malicious) site (bskeklive[.]com), which then redirects again to another domain (cpofers[.]com), hosting X-rated content 💋🤯 You can find a safer demo here 👉 https://etv.tudelft.nl/usm/interpret/link?href=https://www.spamhaus.org/ ⬇️
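To show what the post's "user-supplied href= parameter" pattern looks like and how a redirector is hardened, here is an added example (not TU Delft's code); the allowlist, the log lines and the `.example` domains are constructed for illustration.

```python
"""Open-redirect pattern from the post, its hardened form, and a log check (added example)."""
import re
from urllib.parse import urlsplit, unquote

# Hypothetical allowlist: the only hosts the redirector may send visitors to.
ALLOWED_HOSTS = {"etv.tudelft.nl", "www.tudelft.nl"}

def vulnerable_redirect(href: str) -> str:
    """The flaw described above: the href parameter becomes the Location as-is."""
    return href

def safe_redirect(href: str, allowed_hosts=ALLOWED_HOSTS, fallback="/") -> str:
    """Return href only if it stays on an allowed host, otherwise the fallback.

    Normalises before checking so the usual bypasses are caught: percent-encoded
    input, protocol-relative //host, backslash confusion, non-http schemes and
    user@host tricks.
    """
    target = unquote(href).replace("\\", "/").strip()
    parts = urlsplit(target)
    if parts.scheme and parts.scheme not in ("http", "https"):
        return fallback                      # javascript:, data:, ...
    if not parts.netloc:                     # relative path, but never //host
        return target if target.startswith("/") and not target.startswith("//") else fallback
    if "@" in parts.netloc:                  # http://www.tudelft.nl@evil.example
        return fallback
    return target if (parts.hostname or "").lower() in allowed_hosts else fallback

def flag_offsite_redirects(log_lines, allowed_hosts=ALLOWED_HOSTS):
    """Return (line number, external host) for requests whose href leaves the allowlist."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = re.search(r'href=([^\s&"]+)', line)
        if not m:
            continue
        host = (urlsplit(unquote(m.group(1)).replace("\\", "/")).hostname or "").lower()
        if host and host not in allowed_hosts:
            hits.append((n, host))
    return hits

# Constructed access-log lines (not from any real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/May/2024:10:00:00 +0000] "GET /usm/interpret/link?href=https://www.tudelft.nl/news HTTP/1.1" 302 0',
    '198.51.100.7 - - [01/May/2024:10:00:01 +0000] "GET /usm/interpret/link?href=https%3A%2F%2Fbskeklive.example%2Fx HTTP/1.1" 302 0',
    '198.51.100.8 - - [01/May/2024:10:00:02 +0000] "GET /usm/interpret/link?href=//cpofers.example HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    print(safe_redirect("https://www.spamhaus.org/"))   # "/" : off-site target refused
    print(flag_offsite_redirects(SAMPLE_LOG))           # lines 2 and 3 leave the allowlist
```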