VexTrio, a large and complex malicious traffic direction system (TDS) organization, has been tracked by Infoblox for nearly two years. The organization has over 60 affiliates that divert traffic into VexTrio, and it also operates its own TDS network. Each affiliate has its own TDS network; some send details to VexTrio, while others use opportunities before sending the rest to VexTrio. The most common method affiliates use to collect traffic is a drive-by compromise targeting vulnerable WordPress sites. VexTrio has become a major broker in the criminal underworld, comprising over 70,000 known domains. The organization uses DNS to carry out attacks globally and has recently migrated much of its infrastructure to shared hosting providers, making it more difficult to track. VexTrio’s complex business model has enabled it to remain unknown for the last six years.