logo

Threat tactic spotlight: Subdomain takeover

ID: ed4bab18-0a09-54fe-8146-4e882b4ecf6d

STIX ID: report--ed4bab18-0a09-54fe-8146-4e882b4ecf6d

Feed Name: AWS Security Blog

Threat Score
50/100

Date Published: 2026-06-16

Date Updated: 2026-06-17

Author: Matt Gurr

...
...

This AWS CIRT blog post explains subdomain takeover—how dangling CNAME DNS records to deleted AWS resources can be exploited by attackers—describes observed scanning activity, outlines impacts such as phishing and reputational damage, and provides detection and mitigation guidance including an AWS Config-based detection implementation, deprovisioning SOPs, and response recommendations.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.