A single traffic distribution system (TDS) operator in possession of more than 70,000 domains is facilitating scams, phishing, and malware infections on an unprecedented scale.
The group, "VexTrio," isn't known for its malicious campaigns, though it does occasionally get its feet wet in cybercrime. Instead, it manages
a TDS network connecting threat actors who compromise vulnerable websites with those who host malicious content.
Though VexTrio isn't the one with its finger on the trigger, its capacity for spreading malfeasance on the Internet shouldn't be underestimated. Infoblox, which published a detailed report about the group on Jan. 23, characterizes it as the most widespread threat actor in the wild, touching more than half of all organizations it's monitored in the past two years.
"This is the single largest, most pervasive, most persistent threat that we have in our customer networks," says Renée Burton, head of threat intelligence at Infoblox. "Pretty much any kind of network that we see is going to have this activity in it."
