It’s not a prediction and it’s not a low probability.
It’s actually happening ‼️
DNS “attacks” have amplified in the last several months, and for those familiar with the BTC source code and how its nodes communicate with each other, it’s not hard to understand the real issue here.
Just a short summary 👇
DNS Hijacking: Recent attacks have targeted high-profile organizations by exploiting misconfigured DNS records. In 2025, the threat actor Hazy Hawk hijacked abandoned cloud resources—such as Amazon S3 buckets and Microsoft Azure endpoints—by manipulating DNS records to redirect traffic to malicious sites for malware delivery. This included subdomains of the U.S. CDC and major corporations like Deloitte and PwC.
EdgeStepper Implant: A China-aligned group, PlushDaemon, has used a Go-based backdoor called EdgeStepper to reroute DNS queries to attacker-controlled nodes, enabling adversary-in-the-middle (AitM) attacks. This allows the attackers to intercept and redirect software update traffic, delivering malware to victims.
DNS Tunneling: Attackers continue to leverage DNS tunneling for covert C2 communication. The SUNBURST backdoor in the SolarWinds supply chain compromise used DNS tunneling to exfiltrate data and receive instructions, demonstrating its effectiveness in evading detection.
DNS Amplification DDoS: Distributed Denial of Service (DDoS) attacks using DNS amplification remain prevalent. These attacks exploit open DNS resolvers with spoofed source IPs to flood targets with massive response traffic. In Q1 2024 alone, 1.5 million DNS DDoS attacks were recorded, with attacks expected to double from 2017 levels.
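The DNS tunneling pattern described above (SUNBURST-style C2 over DNS) is the one a defender can most readily hunt for in resolver logs. The following is an added example, not code from the post or from any of the campaigns it names: a small Python scorer that reads a constructed, in-line sample of query-log lines and flags registered domains that receive many distinct, long, high-entropy subdomain queries of data-carrying record types. The thresholds (`LONG_LABEL`, `ENTROPY_THRESHOLD`, `TUNNEL_QTYPES`), the log format, the `example.com`/`example.net` names and the "last two labels" domain split are all assumptions made for the example.

```python
"""Flag DNS query logs that look like DNS tunneling (added illustrative example)."""
import math
from collections import defaultdict

# Constructed sample log (not from the post). Format per line: "<client_ip> <qtype> <qname>".
SAMPLE_LOG = """\
10.0.0.5 A www.example.com
10.0.0.5 A cdn.example.com
10.0.0.7 TXT 3a9f1c7e2b.d4e8f0a1b2c3d4e5f6a7b8c9d0e1f2a3.c2-update.example.net
10.0.0.7 TXT 7b2e4d6f8a.1a2b3c4d5e6f708192a3b4c5d6e7f809.c2-update.example.net
10.0.0.7 TXT 9c3f5e7d1b.0f1e2d3c4b5a69788796a5b4c3d2e1f0.c2-update.example.net
10.0.0.7 TXT e1d2c3b4a5.ffeeddccbbaa99887766554433221100.c2-update.example.net
10.0.0.9 A mail.example.com
"""

# Heuristic thresholds (assumptions chosen for this example; tune against your own baseline).
LONG_LABEL = 30                  # a single label this long is unusual for human-named hosts
MIN_ENTROPY_LEN = 16             # only score entropy on subdomain strings at least this long
ENTROPY_THRESHOLD = 3.5          # bits/char; hex payloads sit near 4, base32/base64 near 5
TUNNEL_QTYPES = {"TXT", "NULL"}  # record types that carry arbitrary data back to the client


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for the empty string)."""
    if not s:
        return 0.0
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def registered_domain(qname: str) -> str:
    """Simplified split: the last two labels. Real tooling should consult the
    Public Suffix List, otherwise names under e.g. 'co.uk' are mis-split."""
    labels = qname.rstrip(".").lower().split(".")
    return ".".join(labels[-2:])


def parse_log(text: str):
    """Yield (client, qtype, qname) tuples; blank or malformed lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        client, qtype, qname = parts
        yield client, qtype.upper(), qname.rstrip(".").lower()


def query_indicators(qtype: str, qname: str) -> set:
    """Return the set of tunneling indicators a single query trips."""
    base = registered_domain(qname)
    sub = qname[: -len(base)].rstrip(".") if qname.endswith(base) and qname != base else ""
    labels = [label for label in sub.split(".") if label]
    hits = set()
    if any(len(label) >= LONG_LABEL for label in labels):
        hits.add("long_label")
    flat = sub.replace(".", "")
    if len(flat) >= MIN_ENTROPY_LEN and shannon_entropy(flat) >= ENTROPY_THRESHOLD:
        hits.add("high_entropy")
    if qtype in TUNNEL_QTYPES:
        hits.add("tunnel_qtype")
    return hits


def find_tunneling_suspects(log_text: str, min_unique: int = 3, min_indicators: int = 2) -> dict:
    """Aggregate per registered domain and return the ones that look like a tunnel endpoint.

    A domain is flagged when at least min_unique distinct names under it were queried AND
    at least min_unique of those queries trip min_indicators or more indicators. Counting
    distinct names is what separates a tunnel (a new encoded name per message) from a
    legitimate host queried repeatedly."""
    stats = defaultdict(lambda: {"queries": 0, "names": set(), "suspicious": 0, "clients": set()})
    for client, qtype, qname in parse_log(log_text):
        s = stats[registered_domain(qname)]
        s["queries"] += 1
        s["names"].add(qname)
        s["clients"].add(client)
        if len(query_indicators(qtype, qname)) >= min_indicators:
            s["suspicious"] += 1
    return {
        base: {"queries": s["queries"], "unique_subdomains": len(s["names"]),
               "suspicious": s["suspicious"], "clients": sorted(s["clients"])}
        for base, s in stats.items()
        if len(s["names"]) >= min_unique and s["suspicious"] >= min_unique
    }


if __name__ == "__main__":
    for base, info in find_tunneling_suspects(SAMPLE_LOG).items():
        print(f"{base}: {info}")
```

Run it as a script and the constructed `example.net` traffic is reported with four unique subdomains, four suspicious queries and a single client, while the ordinary `example.com` lookups stay silent. On real resolver logs the per-domain baseline matters more than any single threshold: CDNs and some security products legitimately emit long, random-looking labels, so an allowlist of known such domains belongs in front of this scorer before it feeds an alert.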
Replies (1)
thx for the further elaboration. we'll see if i have time for it.