Infoblox reports that the cybercrime group Savvy Seahorse has been targeting victims through fake investment platforms advertised on Facebook. The scammers lure individuals into depositing funds and providing personal details by promising high returns on investment. A key element of their strategy involves the use of chat bots to engage with victims and automate the fraud process.
To avoid detection, Savvy Seahorse has been utilizing Canonical Name (CNAME) records as a Traffic Delivery System (TDS) for its operations. By leveraging CNAME records, the group can easily change IP addresses and redirect traffic, making it harder for authorities to track their activities.
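CNAME records are a crucial component of the Domain Name System (DNS), the system that lets users associate memorable domain names with the numerical IP addresses of servers hosting web content. A CNAME record maps one domain name to another (the canonical name) rather than directly to an IP address, so changing the address behind the canonical name redirects every domain aliased to it. DNS simplifies access to resources on the Internet by allowing users to use domain names instead of complex IP addresses.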
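Many campaign domains aliased to one canonical name whose addresses keep changing is a pattern defenders can look for in DNS logs. The following is an added example, not code from Infoblox or the original page: it groups constructed passive-DNS rows by CNAME target and flags targets aliased by several unrelated registered domains whose A records span multiple addresses. The record layout, thresholds, function names and every domain and address shown are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed passive-DNS rows (query name, record type, answer); all names
# and addresses are reserved documentation values, not real indicators.
SAMPLE_RECORDS = [
    ("pay.invest-a.example", "CNAME", "hub.tds.test"),
    ("app.invest-b.example", "CNAME", "hub.tds.test"),
    ("go.invest-c.example", "CNAME", "hub.tds.test"),
    ("hub.tds.test", "A", "192.0.2.10"),
    ("hub.tds.test", "A", "198.51.100.7"),
    ("hub.tds.test", "A", "203.0.113.44"),
    ("www.shop.example", "CNAME", "shop.example"),
    ("shop.example", "A", "192.0.2.80"),
    ("img.blog.example", "CNAME", "edge.cdn.test"),
    ("edge.cdn.test", "A", "198.51.100.20"),
]


def registered_domain(name):
    """Assumption: the last two labels approximate the registered domain.
    Production code should consult the Public Suffix List instead."""
    return ".".join(name.lower().rstrip(".").split(".")[-2:])


def find_cname_hubs(records, min_domains=3, min_ips=2, allowlist=()):
    """Return CNAME targets aliased by many unrelated registered domains
    whose own A records span several addresses (thresholds are assumptions)."""
    aliases = defaultdict(set)    # CNAME target -> registered domains aliased to it
    addresses = defaultdict(set)  # name -> IP addresses seen in A answers
    for name, rtype, answer in records:
        name, answer = name.lower().rstrip("."), answer.lower().rstrip(".")
        if rtype == "CNAME":
            # An alias inside the target's own domain (www -> apex) is ordinary.
            if registered_domain(name) != registered_domain(answer):
                aliases[answer].add(registered_domain(name))
        elif rtype == "A":
            addresses[name].add(answer)
    hubs = {}
    for target, domains in aliases.items():
        if registered_domain(target) in allowlist:
            continue  # known CDN or hosting provider, reviewed separately
        if len(domains) >= min_domains and len(addresses[target]) >= min_ips:
            hubs[target] = {"domains": sorted(domains),
                            "ips": sorted(addresses[target])}
    return hubs


if __name__ == "__main__":
    for target, info in find_cname_hubs(SAMPLE_RECORDS).items():
        print(target, info["domains"], info["ips"])
```

Legitimate CDNs and hosting providers produce the same shape, so pass their registered domains in `allowlist` and treat each hit as a lead for review.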