VexTrio operates more than 70,000 domains and has provided all its affiliates, possibly recruited from dark web sites, with their own dedicated servers for attacks, according to a report from Infoblox. Aside from enabling various actors to take part in attack chains, VexTrio was also found to manage numerous traffic distribution system (TDS) networks to fuel profits.
“VexTrio’s advanced business model facilitates partnerships with other actors and creates a sustainable and resilient ecosystem that is extremely difficult to destroy. Due to the complex design and entangled nature of the affiliate network, precise classification and attribution are difficult to achieve. This complexity has allowed VexTrio to flourish while remaining nameless to the security industry for over six years,” said Infoblox.