Common Information
Type | Value |
---|---|
Value | CDNs - T1596.004 |
Category | Attack-Pattern |
Type | Mitre-Attack-Pattern |
Misp Type | Cluster |
Description | Adversaries may search content delivery network (CDN) data about victims that can be used during targeting. CDNs allow an organization to host content from a distributed, load balanced array of servers. CDNs may also allow organizations to customize content delivery based on the requestor’s geographical region. Adversaries may search CDN data to gather actionable information. Threat actors can use online resources and lookup tools to harvest information about content servers within a CDN. Adversaries may also seek and target CDN misconfigurations that leak sensitive information not intended to be hosted and/or do not have the same protection mechanisms (ex: login portals) as the content hosted on the organization’s website.(Citation: DigitalShadows CDN) Information from these sources may reveal opportunities for other forms of reconnaissance (ex: [Active Scanning](https://attack.mitre.org/techniques/T1595) or [Search Open Websites/Domains](https://attack.mitre.org/techniques/T1593)), establishing operational resources (ex: [Acquire Infrastructure](https://attack.mitre.org/techniques/T1583) or [Compromise Infrastructure](https://attack.mitre.org/techniques/T1584)), and/or initial access (ex: [Drive-by Compromise](https://attack.mitre.org/techniques/T1189)). |
Details | Published | Attributes | CTI | Title | ||
---|---|---|---|---|---|---|
Details | Website | 2021-12-03 | 21 | Vulnerabilities Exploited for Monero Mining Malware Delivered via GitHub, Netlify | ||
Details | Website | 2021-11-20 | 17 | CTI Project: Threats Leveraging Legitimate Services | ||
Details | Website | 2021-11-19 | 0 | Don't Search by Port | ||
Details | Website | 2021-11-16 | 12 | Attackers use domain fronting technique to target Myanmar with Cobalt Strike | ||
Details | Website | 2021-11-16 | 20 | Attackers use domain fronting technique to target Myanmar with Cobalt Strike | ||
Details | Website | 2021-10-12 | 9 | Cobalt Strike \| Defining Cobalt Strike Components & BEACON | ||
Details | Website | 2021-09-29 | 9 | Malvertising: Made in China | ||
Details | Website | 2021-08-17 | 1 | 23 Good-To-Know Networking Acronyms and Abbreviations | ||
Details | Website | 2021-08-05 | 32 | HTTP/2: The Sequel is Always Worse | ||
Details | Website | 2021-06-24 | 0 | The 10 must-attend sessions at Black Hat 2021 \| Wiz Blog | ||
Details | Website | 2021-05-27 | 40 | SensePost \| Adventures into http2 and http3 | ||
Details | Website | 2021-05-06 | 12 | Analysis of HSTS Caches of Different Browsers | ||
Details | Website | 2021-04-07 | 13 | Sowing Discord: Reaping the benefits of collaboration app abuse | ||
Details | Website | 2020-12-30 | 20 | Finding The Origin IP Behind CDNs - ZDResearch | ||
Details | Website | 2020-09-11 | 29 | Research Roundup: Activity on Previously Identified APT33 Domains | ||
Details | Website | 2020-08-10 | 36 | DarkSide | ||
Details | Website | 2020-08-10 | 0 | DDoS attacks in Q2 2020 | ||
Details | Website | 2020-08-05 | 0 | International IP Transit Provider Boosts Revenue with Enhanced Network Visibility \| NETSCOUT | ||
Details | Website | 2020-06-26 | 16 | New Magecart Attack Targets US Local Government Services | ||
Details | Website | 2020-06-17 | 0 | AWS said it mitigated a 2.3 Tbps DDoS attack, the largest ever | ||
Details | Website | 2020-05-25 | 0 | RangeAmp attacks can take down websites and CDN servers | ||
Details | Website | 2020-05-13 | 0 | COVID-19 Network Traffic Patterns: A Worldwide Perspective from Our Customers \| NETSCOUT | ||
Details | Website | 2020-04-28 | 0 | ATT&CK Series: Collection Tactics – Part Two | ||
Details | Website | 2020-04-05 | 1 | Russian telco hijacks internet traffic for Google, AWS, Cloudflare, and others | ||
Details | Website | 2020-02-26 | 11 | Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server \| Malwarebytes Labs |