← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
Cyberhaven Breach-related long term campaign cluster - January 2025
WHITE icampbell 2025-03-27 Modified: 2025-04-26
55
IOCs
HIGH VOLUME
On 27 December 2024, the technology company Cyberhaven reported that an unnamed actor replaced its Google Chrome extension on the Google Chrome Web Store with a malicious version. The actor used a phishing email to compromise a developer’s account via authorizing a malicious third-party application. DomainTools researchers reviewed publicly available information related to this incident and discovered that the Cyberhaven incident is part of a months-long campaign likely attempting to impact multiple companies primarily in the technology sector. https://dti.domaintools.com/cyberhaven-breach-likely-part-of-a-long-term-criminal-campaign/
supply chainchatgptfacebook business managermeta
Indicators of Compromise (55)
All domain
TYPEINDICATORDESCRIPTIONCREATED
domain adskiper.net 2025-03-27
domain aiforgemini.com 2025-03-27
domain bardaiforchrome.live 2025-03-27
domain blockadsonyt.vip 2025-03-27
domain blockforads.com 2025-03-27
domain bookmarkfc.info 2025-03-27
domain castorus.info 2025-03-27
domain censortracker.pro 2025-03-27
domain chataiassistant.pro 2025-03-27
domain chatgptextension.site 2025-03-27
domain chatgptextent.pro 2025-03-27
domain checkpolicy.site 2025-03-27
domain cyberhavenext.pro 2025-03-27
domain dearflip.pro 2025-03-27
domain extensionbuysell.com 2025-03-27
domain extensionpolicy.net 2025-03-27
domain extensionpolicyprivacy.com 2025-03-27
domain geminiaigg.pro 2025-03-27
domain geminiforads.com 2025-03-27
domain goodenhancerblocker.site 2025-03-27
domain gpt4summary.ink 2025-03-27
domain gptdetector.live 2025-03-27
domain graphqlnetwork.pro 2025-03-27
domain internetdownloadmanager.pro 2025-03-27
domain internxtvpn.pro 2025-03-27
domain iobit.pro 2025-03-27
domain linewizeconnect.com 2025-03-27
domain locallyext.ink 2025-03-27
domain moonsift.store 2025-03-27
domain parrottalks.info 2025-03-27
domain pieadblock.pro 2025-03-27
domain policyextension.info 2025-03-27
domain primusext.pro 2025-03-27
domain proxyswitchyomega.pro 2025-03-27
domain readermodeext.info 2025-03-27
domain savechatgpt.site 2025-03-27
domain savegptforyou.live 2025-03-27
domain savgptforchrome.pro 2025-03-27
domain searchaiassitant.info 2025-03-27
domain searchcopilot.co 2025-03-27
domain searchgptchat.info 2025-03-27
domain tinamind.info 2025-03-27
domain tkpartner.pro 2025-03-27
domain tkv2.pro 2025-03-27
domain ultrablock.pro 2025-03-27
domain uvoice.live 2025-03-27
domain videodownloadhelper.pro 2025-03-27
domain vidnozflex.live 2025-03-27
domain vpncity.live 2025-03-27
domain wakelet.ink 2025-03-27
domain wayinai.live 2025-03-27
domain yescaptcha.pro 2025-03-27
domain youtubeadsblocker.live 2025-03-27
domain ytbadblocker.com 2025-03-27
domain yujaverity.info 2025-03-27
References (2)
↗ https://dti.domaintools.com/cyberhaven-breach-likely-part-of-a-long-term-criminal-campaign/ ↗ https://github.com/DomainTools/SecuritySnacks/blob/main/2025/CyberhavenCampaign