Triad Nexus: Funnull malicious campaign

Silent Push’s investigation into FUNNULL, a Chinese CDN, reveals its role in hosting extensive malicious infrastructure dubbed "Triad Nexus." This includes over 200,000 algorithmically generated domains connected to gambling, investment scams, phishing, and a supply chain attack affecting 110,000+ websites via the polyfill.io library. Among the domains, many bear the Suncity Group's branding, linked to laundering for North Korea's Lazarus Group. Silent Push also uncovered connections to money laundering networks promoted through GitHub and Telegram, as well as phishing scams targeting major retail brands.