Security Articles

Triad Nexus: FUNNULL CDN hosting DGA domains for suspect Chinese sites

Released on 2024-10-23 @ 01:19:41 PM

Silent Push has uncovered a large-scale malicious infrastructure dubbed 'Triad Nexus' hosted on the FUNNULL content delivery network. The investigation revealed over 200,000 unique hostnames, with 95% created using Domain Generation Algorithms. FUNNULL is linked to hosting suspect gambling websites, investment scams, and a retail phishing campaign targeting major brands. Connections were found to the Suncity Group, previously implicated in money laundering for the Lazarus crime group. A supply chain attack involving the polyfill.io JavaScript library affected over 110,000 websites. The research exposes FUNNULL's role in facilitating various criminal activities and raises concerns about its practices as a CDN provider.