TrendAI and CleanDNS Partner to Dismantle Cybercriminal Infrastructure

Severity: Low (Score: 27.9)

Sources: Trendmicro

Published: 2026-05-21 · Updated: 2026-05-21

Keywords: infrastructure, blocking, attacker, removing, internet, threat, landscape

Summary

TrendAI™ and CleanDNS have announced a partnership aimed at removing cybercriminal infrastructure from the internet. This initiative goes beyond merely blocking malicious domains, as it seeks to dismantle the underlying attacker infrastructure that poses a threat to victims. TrendAI™ utilizes advanced AI workflows and machine learning models to identify and monitor attacker infrastructure in near-real time, allowing for proactive measures against threats. The partnership is designed to enhance protection for customers on the TrendAI Vision One™ platform by targeting left-of-kill-chain threats that enable major cyberattacks. CleanDNS, a leader in DNS abuse management, will work directly with registry operators and registrar abuse teams to take down malicious domains effectively. This collaboration signifies a shift from reactive to proactive cybersecurity measures, aiming to mitigate online harm on a larger scale.

Key Points:

  • TrendAI™ and CleanDNS partner to remove cybercriminal infrastructure from the internet.
  • The initiative focuses on dismantling attacker infrastructure, not just blocking domains.
  • Advanced AI and machine learning are employed to identify threats in real-time.

Detailed Analysis

**Impact**

The partnership targets cybercriminal infrastructure globally, affecting threat groups that deploy malware via malicious domains. This collaboration extends protection beyond TrendAI Vision One™ customers to the broader internet by enabling domain takedowns at the registrar and registry level. The operational consequence is a reduction in attacker command and control (C&C) and delivery domains, disrupting campaigns before deployment. Specific sectors or geographic impacts are not detailed in the source material.

**Technical Details**

TrendAI employs agentic AI workflows and in-house machine learning models to identify and tag hundreds of attacker infrastructure elements daily, focusing on left-of-kill-chain threats such as C&C and delivery domains. CleanDNS integrates directly with registrars and registries to investigate, gather evidence, and execute domain suspension, sinkholing, or takedown actions. The kill chain stage targeted is pre-attack infrastructure setup, preventing attacker domains from becoming operational. No specific malware names, CVEs, or IOCs are provided in the articles.

**Recommended Response**

Defenders should integrate threat intelligence feeds from TrendAI to block identified malicious domains proactively. Organizations operating DNS infrastructure should consider partnerships or workflows similar to CleanDNS for rapid abuse case management and domain takedown. Monitoring for newly registered suspicious domains linked to known threat groups is advised. No patching or specific malware detection guidance is available from the provided information.

Source articles (2)

  • From Blocking Attacker Infrastructure to Removing It From the Internet — Trendmicro · 2026-05-20
    The threat landscape never sleeps—but neither do we. Today, we are proud to announce a partnership between TrendAI™ and CleanDNS that takes our fight against cybercriminal infrastructure to a whole ne…
  • From Blocking Attacker Infrastructure to Removing It From the Internet | Trend Micro (GB) — Trendmicro · 2026-05-19
    The threat landscape never sleeps—but neither do we. Today, we are proud to announce a partnership between TrendAI™ and CleanDNS that takes our fight against cybercriminal infrastructure to a whole ne…

Timeline

  • 2026-05-19 — Partnership announced: TrendAI™ and CleanDNS announced their collaboration to combat cybercriminal infrastructure.
  • 2026-05-20 — Partnership details published: Trendmicro released further details on the partnership, emphasizing proactive measures against cyber threats.

Related entities

  • Malware (Attack Type)
  • Lumma Stealer (Malware)
  • T1071 - Application Layer Protocol (Mitre Attack)
  • TrendAI Vision One (Platform)