
Published on July 10th, 2019

Hack top-level domains .mx & .us to spy on emails and make MITM attacks



Web application security experts claim that a group of government-sponsored hackers broke into the computer systems of ICS-Forth, the organization responsible for managing domain codes in Greece. The Institute of Computer Science of the Foundation for Research and Technology (ICS-Forth) acknowledged the security incident and notified .gr and .el web domain owners via email.

The hacker group behind this attack has been identified as Sea Turtle; the cybersecurity community has reported on the activities of this group on several occasions. The group's approach goes beyond the usual: instead of attacking its victims directly, it focuses on attacking the records of web domains and DNS providers, from where it can modify the DNS settings of a target company.

According to web application security experts, by modifying DNS records for internal servers, threat actors redirect traffic destined for a company's legitimate applications or email providers to clone servers, where they perform Man-in-the-Middle (MitM) attacks or intercept login credentials.

According to the investigation, the attack can last from a few hours to a full day, and it is really difficult to detect because most companies that provide these services don't often pay attention to changes in DNS settings.
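One way to catch such short-lived changes, as an added example that is not from the original article: compare periodic DNS snapshots against an approved baseline and report each window in which a record deviated. The domain names, addresses and snapshot times are constructed sample data, and `deviation_windows` and `snap` are hypothetical helper names.

```python
from datetime import datetime

# Approved records (constructed sample using reserved documentation names and addresses).
BASELINE = {
    ("example.org", "NS"): {"ns1.example.org.", "ns2.example.org."},
    ("mail.example.org", "A"): {"192.0.2.10"},
    ("example.org", "MX"): {"10 mail.example.org."},
}

def snap(ts, changed=None):
    """Build one constructed snapshot: the baseline plus any changed records."""
    return datetime.fromisoformat(ts), {**BASELINE, **(changed or {})}

# Constructed poll results: a 6-hour A-record swap, then an NS change still in place.
SNAPSHOTS = [
    snap("2019-07-01T00:00"),
    snap("2019-07-01T06:00", {("mail.example.org", "A"): {"203.0.113.66"}}),
    snap("2019-07-01T09:00", {("mail.example.org", "A"): {"203.0.113.66"}}),
    snap("2019-07-01T12:00", {("example.org", "NS"): {"ns1.example.org.", "ns1.rogue.example."}}),
]

def deviation_windows(baseline, snapshots):
    """Return one entry per contiguous period in which a baselined record differed.

    snapshots is a time-ordered list of (datetime, {(name, rtype): set(values)}).
    A window that is still open at the last snapshot has end=None.
    """
    open_windows, closed = {}, []
    for ts, records in snapshots:
        for key, approved in baseline.items():
            seen = records.get(key, set())
            if seen != approved:
                w = open_windows.setdefault(key, {"record": key, "start": ts, "end": None,
                                                  "unexpected": set(), "missing": set()})
                w["unexpected"] |= seen - approved   # values nobody approved
                w["missing"] |= approved - seen      # approved values that vanished
            elif key in open_windows:
                w = open_windows.pop(key)            # record reverted: close the window
                w["end"] = ts
                closed.append(w)
    return sorted(closed + list(open_windows.values()), key=lambda w: w["start"])

if __name__ == "__main__":
    for w in deviation_windows(BASELINE, SNAPSHOTS):
        length = (w["end"] - w["start"]) if w["end"] else "ongoing"
        print(w["record"], w["start"], length, sorted(w["unexpected"]))
```

A record that reverts on its own after a few hours still appears as a closed window, so a change that is gone by the time anyone looks is not lost.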





Although so far no security firm has decided to make any guesses about the authorship of the attacks publicly, sources close to the cybersecurity community claim that Iran's government is responsible for sponsoring this hacker group. So far, web application security experts don't have more details about what happened on ICS-Forth systems after the hackers gained access. Although the names of the compromised domains are not yet known, experts claim that the access exploited by the hackers was still available.

Specialists from the International Cyber Security Institute (IICS) believe that the activities of this hacking group are highly likely to increase in the short term.
