Researchers Reveal Threat Actor TTP Patterns and DNS Abuse in Investment Scams
Cybersecurity researchers have uncovered the intricate tactics, techniques, and procedures (TTPs) employed by threat actors in investment scams, which, according to the Federal Trade Commission (FTC), resulted in a record-breaking loss of US$5.7 billion in 2024, a 24% surge from the previous year.
These scams, often disguised as legitimate opportunities such as cryptocurrency exchanges, leverage advanced technological mechanisms to deceive victims.

Researchers have identified actors like Reckless Rabbit and Ruthless Rabbit, who exploit Registered Domain Generation Algorithms (RDGAs) to programmatically create vast numbers of domains, enabling them to scale operations and evade detection.
Unlike traditional Domain Generation Algorithms (DGAs) used in malware, RDGAs remain a closely guarded secret of the actors, with domains preemptively registered for malicious use, often intermingled with legitimate advertising content.
DNS Exploitation as a Core Strategy
A critical finding from the research highlights the ...
Copyright of this story solely belongs to gbhackers.