Type: Campaign
Actors:
Pub. date: October 22, 2024
Initial access: Insider threat, Supply chain vector
Impact: Supply chain attack
Observed techniques:
Status: Finalized
Last edited: Oct 28, 2024 1:35 PM
Silent Push’s investigation into FUNNULL, a Chinese CDN, reveals its role in hosting extensive malicious infrastructure dubbed "Triad Nexus." This includes over 200,000 algorithmically generated domains connected to gambling, investment scams, phishing, and a supply chain attack affecting 110,000+ websites via the polyfill.io library. Among the domains, many bear the Suncity Group's branding, linked to laundering for North Korea's Lazarus Group. Silent Push also uncovered connections to money laundering networks promoted through GitHub and Telegram, as well as phishing scams targeting major retail brands.