Hacker groups going after government domains

23 April, 2019 12:05 pm

Security researchers suspect state-sponsored actors.

Imagine typing in a government internet address, and ending up on a website that looks like a government website, acts like a government website, but steals your data.

That's basically what happened recently to Arab governments, but also to government websites, intelligence agencies, telecommunications companies and internet giants in 13 countries, for more than two years.

The ominous news was confirmed by two cybersecurity agencies – Cisco's Talos and FireEye. They are claiming that two separate entities, one of which might be state-sponsored, are doing the dirty work.

They dubbed them DNSpionage and Sea Turtle (who comes up with these names, really?).

The attack revolves around DNS hijacking. Hackers first use spear phishing to compromise a target and get into a network. Then they scan the network for vulnerabilities, targeting servers and routers, which allows them to move laterally across the network. They gather passwords along the way.

Then, using the obtained credentials, they target the organisation's DNS registrar. They update the registrar's records so that the domain name points to a server that's under hackers' control.

And boom – there you have it. One moment you're on a government website, the next – a group of hackers is sniffing through your data.
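One way a defender could catch the record change described above, as an added example that is not from Talos, FireEye or the original article: compare the NS and A answers collected by a scheduled job against a pinned, known-good baseline. The domains, addresses, timestamps and the `check` function are constructed for illustration.

```python
# Added example: flag DNS answers that drift from a pinned, known-good baseline.
# All domains and addresses are constructed placeholders (reserved test ranges).
BASELINE = {
    ("portal.example.test.", "NS"): {"ns1.example.test.", "ns2.example.test."},
    ("portal.example.test.", "A"): {"192.0.2.10"},
}

# Constructed observations: (timestamp, domain, record type, answers), as a
# scheduled job querying independent resolvers might record them (assumption).
OBSERVATIONS = [
    ("2019-04-01T00:00Z", "portal.example.test", "NS", ["NS1.example.test", "ns2.example.test."]),
    ("2019-04-01T00:00Z", "portal.example.test", "A", ["192.0.2.10"]),
    ("2019-04-02T00:00Z", "portal.example.test", "NS", ["ns1.hijack.invalid.", "ns2.hijack.invalid."]),
    ("2019-04-02T00:00Z", "portal.example.test", "A", ["198.51.100.77"]),
    ("2019-04-02T00:00Z", "other.example.test", "A", ["203.0.113.5"]),
]


def fqdn(name):
    """DNS names are case-insensitive; compare them lowercased with a trailing dot."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def check(observations, baseline=BASELINE):
    """Return one alert per observation whose answer set differs from the baseline."""
    alerts = []
    for ts, domain, rtype, answers in observations:
        expected = baseline.get((fqdn(domain), rtype))
        if expected is None:
            continue  # domain/type not pinned, nothing to compare against
        seen = {fqdn(a) if rtype == "NS" else a.strip() for a in answers}
        if seen == expected:
            continue
        alerts.append({
            "time": ts,
            "domain": fqdn(domain),
            "type": rtype,
            "unexpected": sorted(seen - expected),
            "missing": sorted(expected - seen),
            # A changed delegation redirects every name in the zone.
            "severity": "critical" if rtype == "NS" else "high",
        })
    return alerts


if __name__ == "__main__":
    for alert in check(OBSERVATIONS):
        print(alert)
```

Because the hijack happens at the registrar, the baseline has to be stored and checked somewhere the same stolen credentials cannot reach.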

Talos says Netnod was compromised this way by Sea Turtle, and Netnod confirmed. This is a Sweden-based DNS provider, and it operates one of the 13 root servers that power the global DNS infrastructure.

We don't know exactly who was under assault, but we do know that hackers targeted Armenia, Egypt, Turkey, Sweden, Jordan and the United Arab Emirates.

