The group is suspected to be based out of China, based on observations researchers have made regarding the language used by the threat group. Approximately 300 new domains are registered by the group daily, which can have detrimental effects on the customers of these legitimate brands as well as values of the targeted brands themselves. Companies should ensure they are monitoring for these fraudulent domains being created. By using a service such as the Binary Defense Counterintelligence team to search for, identify, and report on these domains, companies can ensure that typo-squatted domains are identified and addressed quickly before it can affect customers.
https://www.bleepingcomputer.com/news/security/42-000-sites-used-to-trap-users-in-brand-impersonation-scheme/
