Gambling Network Exploits Abandoned Subdomains (Campaign)
ID: bbb61d22-ec3e-5d10-a15e-e277c4be6890
STIX ID: report--bbb61d22-ec3e-5d10-a15e-e277c4be6890
Feed Name: Wiz Cloud Threat Landscape
Date Published: 2025-11-11
Date Updated: 2026-05-01
Author: [email protected] (Wiz Threat Research)
A routine asset scan uncovered a large-scale criminal campaign that hijacked decommissioned Shopify subdomains to host over 500 gambling storefronts across AWS, Cloudflare, GCP, Akamai, and Oracle. Attackers built realistic e-commerce facades using enterprise marketing stacks, shared templates, telemetry keys, and analytics to inherit SEO and domain trust from legitimate companies, launder attribution, and offload costs onto victims.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.