Hazy Hawk, a threat actor, is exploiting abandoned DNS CNAME records to hijack trusted subdomains of various organizations, including government and educational institutions, to distribute scams and malicious content. By registering new cloud resources with names matching the abandoned records, they create numerous fraudulent URLs that deceive users into clicking on them, leading to tech support scams and phishing attempts. The operation highlights the risks associated with neglected DNS configurations and the need for organizations to properly manage their domain records.