Threat tactic spotlight: Subdomain takeover
ID: ed4bab18-0a09-54fe-8146-4e882b4ecf6d
STIX ID: report--ed4bab18-0a09-54fe-8146-4e882b4ecf6d
Feed Name: AWS Security Blog
Threat Score
This AWS CIRT blog post explains subdomain takeover—how dangling CNAME DNS records to deleted AWS resources can be exploited by attackers—describes observed scanning activity, outlines impacts such as phishing and reputational damage, and provides detection and mitigation guidance including an AWS Config-based detection implementation, deprovisioning SOPs, and response recommendations.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
