This article discusses the emergence of advanced phishing attacks in 2025, utilizing generative AI and focusing on domain threats. Researchers analyzed 1,000 suspicious domains containing the string “2025,” revealing numerous malicious connections and trends in domain registration. Affected: WhoisXML API, First Watch Malicious Domains Data Feed
Keypoints :
- Advanced phishing attacks are increasingly leveraging generative AI.
- Research focused on 1,000 suspicious domains containing “2025”.
- Findings included 401 email-connected domains and 877 unique IP addresses.
- Majority of domains were registered in 2024, with the U.S. leading in registrations.
- Many domains redirected to parked pages or content selling tickets.
- 311 of the 877 IP addresses were linked to malicious activities.
- Research findings are available for download on the website.
MITRE Techniques :
- Phishing (T1566) – Threat actors use sophisticated techniques to deceive users into providing sensitive information.
- Domain Generation Algorithm (T1483) – Use of newly registered domains to evade detection.
Indicator of Compromise :
- [domain] ainiaiwo2025[.]com
- [domain] gagatour2025[.]com
- [domain] vegaskickoffclassic2025[.]com
- [domain] www222025[.]com
- [domain] theelection2025[.]com
- Check the article for all found IoCs.
Full Research: https://circleid.com/posts/new-year-old-threats-what-does-the-dns-reveal-about-2025