Single $10 Domain Could Have Given Hackers Control Over 25,000 Endpoints Worldwide
Researchers discovered that an unregistered domain available for just $10 could have granted silent control over more than 25,000 compromised endpoints, including sensitive government and OT networks.
Key Points
- A $10 unregistered domain could have controlled over 25,000 endpoints globally
- 324 compromised hosts belonged to sensitive networks including government, OT, and healthcare
- Attack used PowerShell payloads to disable security products and block updates
Full Details
Huntress researchers uncovered a sophisticated threat hidden within what appeared to be adware, revealing that a single unregistered domain available for as little as $10 could have granted malicious actors silent control over more than 25,000 compromised endpoints worldwide. Starting in March 2025, the threat deployed a PowerShell-based payload that runs with elevated privileges to disable cybersecurity products, block their update servers, and prevent their reinstallation. Of the hosts observed, 324 belonged to sensitive networks, including 221 universities and colleges, 41 operational technology (OT) networks, 35 government entities, and three healthcare organizations. The discovery highlights how inexpensive domain registration can be exploited for large-scale, stealthy attacks across critical infrastructure sectors.
Why It Matters
This exposes a critical vulnerability in domain registration systems and highlights how minimal investment can yield massive attack surfaces, particularly in critical infrastructure sectors.
Get stories like this delivered daily
AI-curated news, personalized to your interests. Zero noise.
Start 7-Day Free Trial →More in Global News
US singer D4vd charged with murder stemming from death of missing teenage girl
Prosecutors say the singer, real name David Anthony Burke, could face life in prison due to the nature of the case.
Ukrainian drone attack hits Russia’s Tuapse port
Plumes of black smoke were seen after Ukrainian drones targeted Russia’s Black Sea port of Tuapse.
Iranian Envoy Summoned After Revolutionary Guards Fire On Indian Ships
The ships -- Indian-flagged cargo vessels - were fired on in the Strait of Hormuz on April 18. The incident occurred due to a communication gap between the Iranian government and the local unit of the Revolutionary Guard, sources said.
‘Israel never talked me into the war with Iran,’ Trump says
President Donald Trump posted on Truth Social that Israel never talked him into a war with Iran, pushing back against news reports and right-wing commentators who suggested Israeli Prime Minister Benjamin Netanyahu influenced his decisions. He wrote that the October 7th attack reinforced his lifelong opinion that Iran can never have a nuclear weapon. Trump also claimed that "the results in Iran will be amazing" and suggested that if Iran's new leaders are "smart," the country could have a great