
Cybercriminal network VexTrio's underlying structures unmasked by BHUSA researchers in groundbreaking study

According to Infoblox's recent study, the cybercriminal network VexTrio, which facilitates a wide range of cybercrimes, has origins traced back to Italy and Eastern Europe.

Uncovered Infrastructure of Cybercrime Syndicate VexTrio Revealed by BHUSA Researchers

In the ever-evolving world of cybercrime, a new player has emerged: VexTrio, also known as Vextrio Viper, which has been active since at least 2017. The network, with connections to dozens of affiliated entities across multiple countries, has been wreaking havoc in the digital realm.

VexTrio filters and redirects web traffic according to specific criteria using traffic distribution systems (TDSs). These systems ensure that each victim is routed to the malicious payload most relevant to them.

One of the key tactics used by VexTrio is the compromise of websites, particularly those running WordPress, to inject malicious scripts. The operators of this network also leverage domain generation algorithms (DGAs) to maintain communication with infected systems.

VexTrio's reliance on Domain Name System (DNS) manipulation is another facet of its operations. It uses DNS tunnelling to encode data within DNS queries, bypassing security controls, and DNS fast-flux techniques to evade detection and frustrate takedown efforts.
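As an added illustration, not taken from the Infoblox study or this article, the following defender-side triage script flags the two DNS patterns named above in constructed passive-DNS records: fast-flux (one name resolving to many short-TTL addresses) and tunnelling-style queries (repeated long, high-entropy leftmost labels under one registered domain). All names, addresses and thresholds are assumptions built for the example.

```python
import math
from collections import defaultdict

# Constructed passive-DNS records (qname, rtype, ttl, answer); sample data only,
# not VexTrio indicators. Names use reserved .test and documentation address ranges.
SAMPLE_RECORDS = [
    ("cdn-example.test", "A", 60, "203.0.113.10"),
    ("cdn-example.test", "A", 60, "198.51.100.7"),
    ("cdn-example.test", "A", 45, "192.0.2.33"),
    ("cdn-example.test", "A", 60, "203.0.113.88"),
    ("cdn-example.test", "A", 30, "198.51.100.201"),
    ("static.example.test", "A", 3600, "203.0.113.5"),
    ("www.example.test", "A", 300, "203.0.113.5"),
    ("4a6f686e2e446f65.t1.tunnel-example.test", "TXT", 1, "ok"),
    ("7365637265742d6b6579.t1.tunnel-example.test", "TXT", 1, "ok"),
    ("70617373776f7264313233.t1.tunnel-example.test", "TXT", 1, "ok"),
]

def shannon_entropy(s):
    """Bits per character of s; hex-encoded data sits near 3-4, ordinary words lower."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def fast_flux_candidates(records, min_ips=4, max_ttl=300):
    """Names resolving to many distinct A records, all with short TTLs (assumed thresholds)."""
    ips, ttls = defaultdict(set), defaultdict(list)
    for name, rtype, ttl, answer in records:
        if rtype == "A":
            ips[name].add(answer)
            ttls[name].append(ttl)
    return sorted(n for n in ips if len(ips[n]) >= min_ips and max(ttls[n]) <= max_ttl)

def tunnel_candidates(records, min_label_len=12, min_entropy=2.5, min_hits=2):
    """Registered domains (assumed: last two labels) receiving repeated queries whose
    leftmost label is long and high-entropy, the shape of data smuggled in qnames."""
    hits = defaultdict(int)
    for name, _rtype, _ttl, _answer in records:
        labels = name.split(".")
        if len(labels) < 3:
            continue
        leftmost = labels[0]
        if len(leftmost) >= min_label_len and shannon_entropy(leftmost) >= min_entropy:
            hits[".".join(labels[-2:])] += 1
    return sorted(d for d, n in hits.items() if n >= min_hits)
```

On the sample data the script flags cdn-example.test as fast-flux and tunnel-example.test as a tunnelling candidate; in practice the thresholds need tuning against a baseline of legitimate CDN and telemetry traffic, which also uses short TTLs and encoded labels.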

VexTrio's global operation runs on fewer than 250 virtual machines across a few hosting providers. Its influence is nonetheless far-reaching: its activities include operating its own scams, developing and distributing malicious apps, running payment processors and email validation services, and controlling both the publishing and advertising sides of affiliate networks.

Infoblox, a leading cybersecurity company, has identified some individuals linked to the VexTrio network. Among them are Benjamin DELPY and Jean-Philippe AHNERT, active in the global online advertising fraud and malware chain from at least 2017 to February 2022. Other individuals named include Giulio Cerutti, Igor Voronin, Andrew Kunitsa, Dzmitry Laptsevich, Kroum Vassilev, Matteo Costa, Marco Rufa, and Giulio Lingua.

In 2020, the Italian and Eastern European networks merged into a multinational criminal enterprise comprising nearly 100 companies and brands across various industries. The Italian group associated with VexTrio has a history of spam and fake dating sites, while the Eastern European group brings deep technical expertise and infrastructure capabilities.

AdsPro Group, a multinational network of shell companies, is responsible for creating the VexTrio TDS. It operates under several brands and carries out various types of fraud, including running scam sites and developing malicious apps.

VexTrio acts as a middleman connecting threat actors with infrastructure providers, enabling a wide range of cybercrime activities. Its primary content delivery network domain ranks among the top 10,000 domains globally by popularity, demonstrating its significant reach across the digital landscape.

As the digital world continues to evolve, so too does the need for vigilance against cyber threats like VexTrio. Understanding the tactics and methods used by these networks is crucial in the fight against cybercrime.
