Cloudy with a Chance of Hijacking: Forgotten DNS Records Enable Scam Actor
ID: 19844d0b-4612-54f5-a92d-0b1ee3a427d9
STIX ID: report--19844d0b-4612-54f5-a92d-0b1ee3a427d9
Feed Name: Infoblox Threat Intel Blog
This report profiles Hazy Hawk, a criminal actor active since at least December 2023 that locates and hijacks abandoned cloud resources (Azure, S3, Netlify, GitHub, CDNs, etc.) via dangling CNAME/DNS misconfigurations. The actor uses those high-reputation subdomains to host cloaked URLs that funnel users through redirection chains and traffic distribution systems (TDS) into scams, malware, and persistent push-notification fraud. The report lists affected organizations and example indicators (TDS, redirect and push domains), and recommends DNS hygiene and protective DNS as mitigations.
