Underminr Vulnerability Exploited to Mask Malicious Connections
A vulnerability known as 'Underminr' is being exploited by threat actors to hide malicious connections behind trusted domains. The issue, a variant of domain fronting, lets attackers use shared content delivery network (CDN) infrastructure to mask connections to malicious domains. By placing a trusted domain in the TLS SNI and HTTP Host fields while the request is actually directed to another domain, attackers can bypass DNS query monitoring and filtering services. The technique has been used to reach command-and-control servers and to circumvent network egress policies. Approximately 88 million domains are potentially affected, with significant impact on internet infrastructure in the US, UK, and Canada.
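As an added illustration (not from the original report), the following correlation is what a defender would run against proxy and DNS resolver logs to surface fronted connections of the kind described above: it flags flows whose TLS SNI and HTTP Host disagree, and flows to a destination IP that the client never resolved through the monitored resolver. It assumes a TLS-inspecting proxy that logs SNI and Host; every log line is constructed sample data.

```python
"""Correlate DNS resolver logs with TLS/HTTP proxy logs to spot fronted connections."""

# Constructed sample resolver log: (client, queried name, answer IP).
DNS_LOG = [
    ("10.0.0.5", "cdn.example-trusted.com", "203.0.113.10"),
    ("10.0.0.5", "updates.example-trusted.com", "203.0.113.11"),
]

# Constructed sample proxy log with SNI and Host visible after TLS inspection.
PROXY_LOG = [
    # Benign: SNI, Host and destination all agree with the resolver answer.
    {"client": "10.0.0.5", "dst_ip": "203.0.113.10",
     "sni": "cdn.example-trusted.com", "host": "cdn.example-trusted.com"},
    # Classic fronting: trusted SNI, but Host names a different CDN tenant.
    {"client": "10.0.0.5", "dst_ip": "203.0.113.10",
     "sni": "cdn.example-trusted.com", "host": "evil-tenant.example.net"},
    # Trusted name in both fields, but the client reached a CDN edge it never
    # resolved via the monitored resolver: DNS-based filtering was sidestepped.
    {"client": "10.0.0.5", "dst_ip": "203.0.113.99",
     "sni": "cdn.example-trusted.com", "host": "cdn.example-trusted.com"},
]


def dns_answers(dns_log):
    """Map (client, lowercased name) -> set of IPs the resolver returned."""
    answers = {}
    for client, name, ip in dns_log:
        answers.setdefault((client, name.lower()), set()).add(ip)
    return answers


def find_fronting_candidates(proxy_log, dns_log):
    """Return (client, dst_ip, sni, host, reasons) for each suspicious flow."""
    answers = dns_answers(dns_log)
    findings = []
    for rec in proxy_log:
        sni, host = rec["sni"].lower(), rec["host"].lower()
        reasons = []
        if sni != host:
            reasons.append("sni_host_mismatch")
        # Heuristic: tune the lookback to cover DNS caching on the client.
        if rec["dst_ip"] not in answers.get((rec["client"], sni), set()):
            reasons.append("dst_ip_not_resolved_via_monitored_dns")
        if reasons:
            findings.append((rec["client"], rec["dst_ip"], sni, host, reasons))
    return findings


if __name__ == "__main__":
    for finding in find_fronting_candidates(PROXY_LOG, DNS_LOG):
        print(finding)
```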