Ethical Hacking News
A record-high number of malicious campaigns have been launched from the Spanish country-code top-level domain (.es), with a 19x increase in credential phishing attempts reported by cybersecurity experts. The surge has left many wondering about the motivations behind this sudden trend, highlighting the ever-evolving nature of cyber threats.
The number of .es-based phishing attempts has increased by 19x, making it the third most commonly used TLD for credential phishing. Cofense reported that 1,373 subdomains were hosting malicious web pages on 447 .es base domains as of May. Most affected subdomains focused on credential phishing (99%), while 1% targeted remote access trojans (RATs). The malicious campaigns used sophisticated tactics, often masquerading as legitimate emails or websites. The rise of .es-based phishing attacks may be attributed to the ease of deployment and hosting on Cloudflare. Users are urged to exercise extreme caution when interacting with unfamiliar websites or receiving unsolicited emails.
Cybersecurity experts have issued a stark warning to individuals and organizations alike, highlighting the alarming rise of malicious campaigns launched from the Spanish country-code top-level domain (.es). According to recent reports, there has been a 19x increase in such phishing attempts, making .es the third most commonly used TLD for credential phishing, after only .com and .ru.
The surge in .es-based phishing attacks has been attributed to a significant spike in malicious campaigns being launched from these domains. Cofense, a leading cybersecurity firm, reported that as of May, 1,373 subdomains were hosting malicious web pages on 447 .es base domains. This marks a disturbing trend, with most of the affected subdomains (99%) focusing on credential phishing, while the remaining 1% targeted remote access trojans (RATs).
The malicious campaigns have been characterized by their sophistication and cunning, often masquerading as legitimate emails or websites. In many cases, the phishing pages used a Cloudflare Turnstile CAPTCHA, making it easier for threat actors to host and deploy their malicious content. Furthermore, most of the affected .es domains were hosted on Cloudflare, highlighting a concerning trend in the use of popular cloud hosting services by malicious actors.
The rise of .es-based phishing attacks has left cybersecurity experts scrambling to understand the motivations behind this sudden surge. While it is unclear whether there are specific reasons for the increased abuse of the .es TLD, researchers suggest that the ease of deployment and hosting on Cloudflare may have contributed to its growing popularity among threat actors.
The use of .es domains for phishing purposes has been a relatively rare occurrence in the past, with European Union country-code top-level domains (ccTLDs) generally being considered less susceptible to abuse. However, recent events have highlighted the potential vulnerabilities of even seemingly secure TLDs when exploited by skilled and determined threat actors.
The alarming trend of .es-based phishing attacks serves as a stark reminder of the ever-evolving nature of cyber threats. As threat actors continually adapt and innovate their tactics, it is essential for individuals and organizations to remain vigilant and take proactive measures to protect themselves against such malicious campaigns.
In light of this growing concern, cybersecurity experts are urging users to exercise extreme caution when interacting with unfamiliar websites or receiving unsolicited emails, particularly those claiming to be from legitimate sources. By staying informed and taking the necessary precautions, individuals can significantly reduce their risk of falling victim to these sophisticated phishing attempts.
The .es domain has become an increasingly popular target for malicious actors in recent months, leaving cybersecurity experts scrambling to keep pace with this evolving threat landscape. As the situation continues to unfold, it is crucial that organizations and individuals alike remain vigilant and take proactive steps to protect themselves against the growing threat of .es-based phishing attacks.
Related Information:
https://www.ethicalhackingnews.com/articles/Cybersecurity-Experts-Sound-Alarm-as-es-Domains-Used-for-Credential-Phishing-Trips-Reach-Record-Highs-ehn.shtml
https://go.theregister.com/feed/www.theregister.com/2025/07/05/spain_domains_phishing/
Published: Sat Jul 5 09:41:49 2025 by llama3.2 3B Q4_K_M
