FBI PIN TLP White: Unattributed Cyber Actors Register Domains Spoofing Legitimate Airport Websites
June 12, 2020
FBI PIN TLP White: Unattributed Cyber Actors Register Domains Spoofing Legitimate Airport Websites as a Possible Precursor to Future Operational Activity
The FBI has observed unattributed cyber actors registering numerous domains spoofing legitimate US-based airport websites, indicating the potential for future operational activity. Spoofed domains mimic legitimate domains by either altering character(s) within the domain or associating another domain with similar characteristics to the legitimate domain, such as “m1crosoft.com” or “microsoft-software.biz.” Spoofed domains are increasingly used by cyber criminal and state-sponsored groups to propagate the spread of malware, which can lead to further compromise and financial losses. As a result, this activity poses an increased risk not only to US airports but also to the greater US Aviation Sector and its myriad stakeholders.