Phishing Attack by Chinese Hackers Used 42,000 Imposter Domains

Cybersecurity researchers recently identified a massive phishing attack campaign targeting major companies around the world. The attack used more than 42,000 imposter domains that Chinese hackers registered to impersonate trusted websites of the targeted organizations.

The attack was likely intended to steal sensitive information such as passwords and banking credentials from individuals visiting these fake websites. The hackers had registered the domains using false information in order to obscure their identities and avoid detection.

The scale of this attack is alarming and demonstrates how far cybercriminals will go to target valuable data. Many of these phishing campaigns are designed to exploit basic security flaws, such as users clicking on links or opening attachments sent from unknown sources. It is essential that companies and individuals remain vigilant in order to protect against such attacks.

Key Takeaways

Social media has become an important part of our lives, with people spending an average of 147 minutes on social media platforms every day. But these sites can be a source of cyber security threats, as evidenced by the recent phishing attack campaign.

Attack Details

The recent incident involving the use of 42,000 imposter domains led to a large-scale phishing attack that affected people worldwide. The attacker’s malicious scheme was intricate and widespread. Here are the must-know details concerning this cyber threat.

  • The hackers were able to register over 42,000 imposter domain names in a relatively short period of time. These domains had similar designs and messaging to the trusted brands' websites, making it difficult for users to differentiate between legitimate websites and those created by the attacker.
  • The fake sites exploited users’ trust and convinced them to click links sent through WhatsApp with a promise of rewards. Upon clicking the link, users are first directed to a page seeking personal information. They are then encouraged to complete surveys in order to claim cash prizes or discounts from popular brands such as Emirates, Shopee, Unilever, Indomie, Coca-Cola, McDonald’s, and Knorr.
  • Victims are then asked to forward the message to five groups or 20 friends. However, this is only a ruse; in reality, the final redirect hinges on the victim's IP address and User-Agent string, which the attackers can use to track the device.

CISO Guidance Points

Employees should be informed about the importance of cyber security and the risks associated with it. They should also be trained on how to recognize different types of cyber threats, such as phishing emails, malicious software, and other hacking attempts.

As general guidance points, employees should:

  • Validate email addresses before responding or clicking links. Before responding to any emails from unknown sources, double-check that the email address is legitimate and not a spoofed version of an existing, valid address.
  • Verify all links before clicking on them. Even if the email appears to come from a trusted source, it is important to verify any links included in the message prior to clicking on them. This can be done by hovering over the link or by pasting it into a text editor to view the full URL.
  • Use strong passwords for their work accounts and update them regularly, and avoid clicking on suspicious links or attachments in emails.
  • Report any suspicious activity involving their accounts to the IT department immediately. This can help prevent further phishing attempts and help protect your organization’s data and resources.
  • Use two-factor authentication or other security measures when accessing sensitive data, and monitor the usage of public networks to reduce the chances that confidential information is compromised. Implementing two-factor authentication can add an extra layer of protection to ensure that only authorized individuals are able to access your organization’s network and resources.
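The link-verification step above can also be automated at a mail or chat gateway. The following is an added example, not code from the original article: it flags links whose real host is not a brand's official domain even though the brand name appears in the URL. The `OFFICIAL` allowlist, the digit-folding table and the sample links are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Assumption: a defender-maintained map of brand keyword -> official domain.
# Entries here are illustrative, not taken from the article.
OFFICIAL = {
    "emirates": "emirates.com",
    "coca-cola": "coca-cola.com",
    "mcdonalds": "mcdonalds.com",
}

# Fold common digit-for-letter swaps so "c0ca-cola" compares equal to "coca-cola".
_FOLD = str.maketrans("01345", "oleas")


def _squash(text):
    """Lowercase, fold look-alike digits, drop separators."""
    return text.lower().translate(_FOLD).replace("-", "").replace(".", "")


def check_link(url):
    """Return a list of reasons the link looks like brand impersonation."""
    parts = urlsplit(url.strip())
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return ["no hostname found"]
    reasons = []
    # "https://brand.com@other.example/" shows the brand but goes to other.example.
    if parts.username is not None:
        reasons.append("userinfo before host; real host is " + host)
    # Punycode labels can render as look-alike characters in a browser.
    if any(label.startswith("xn--") for label in host.split(".")):
        reasons.append("punycode label in " + host)
    official = any(host == d or host.endswith("." + d) for d in OFFICIAL.values())
    if not official:
        squashed = _squash(host)
        for brand in OFFICIAL:
            if _squash(brand) in squashed:
                reasons.append("brand '%s' on non-official host %s" % (brand, host))
    return reasons


# Constructed sample links (.example hosts are reserved and not real sites).
SAMPLES = [
    "https://www.emirates.com/offers",
    "http://emirates-rewards.example/claim",
    "https://c0ca-cola-prizes.example/survey",
    "https://emirates.com@gift.example/",
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(link, "->", check_link(link) or "no flags")
```

An empty list means no rule fired, not that the link is safe; the check only covers brands present in the allowlist.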

CISOs should foster a culture of cyber security by regularly reminding employees about their roles in keeping the company safe. This can include hosting regular educational sessions or providing resources for employees to self-educate about cyber threats.

Further, employees must understand their responsibilities for data security and adhere to company policies, such as not sharing passwords with other staff members or downloading unauthorized software.

By following these steps, employees can help mitigate the risk of imposter domain hacks and protect their organization from potential attacks.

