VexTrio, a threat actor that has operated largely out of public view, is leading a large-scale cybercriminal partnership that is delivering high volumes of malware and other malicious content to networks across APAC, Australia, New Zealand, and the rest of the world. The partnership includes underground affiliates such as ClearFake and SocGholish. VexTrio has been operating for over six years and is estimated to be worth trillions of dollars. It acts as a traffic distribution system, passing users on to other criminal entities for targeted attacks. VexTrio primarily compromises vulnerable WordPress websites and redirects victims to malicious infrastructure. The threat does not single out any specific country or region, which leaves APAC and Australian internet users exposed along with everyone else.

Infoblox’s Renee Burton recommends focusing on uncovering and eliminating middle-layer players like VexTrio rather than on endpoint malware or phishing threats, and suggests implementing protective Domain Name System (DNS) measures to block malicious domains. APAC IT professionals are advised to focus on the middleman, implement protective DNS measures, and educate users about typical VexTrio-related threats.