Guardio Labs has identified a sophisticated phishing campaign called Operation SubdoMailing, involving the manipulation of over 8,000 hijacked subdomains from reputable brands.


This campaign, attributed to threat actor “ResurrecAds,” exploits the trust associated with domains like eBay, VMware [1] [2] [3] [4], and others to send millions of spammy and malicious phishing emails daily. By impersonating trusted brands, the campaign evades email-security measures and leverages stolen resources to deceive users.


The SubdoMailing Checker tool developed by Guardio researchers helps organizations detect domain compromise and combat this evolving threat in the digital advertising ecosystem. It is crucial for organizations to stay vigilant and implement robust security measures to protect against such sophisticated phishing campaigns.