NPP Australia: Notifying Customers of a New PayID Leak
infosec

NPP Australia: Notifying Customers of a New PayID Leak

PayID's search function on Australia's new payment platform (NPP) has encountered problems once again. This...
Read More
infosec

Man-in-the-middle attacks: What are the most common types?

In a previous article we analyzed exactly what man-in-the-middle attacks are, how they work, how they are carried out and how we can protect ourselves against ...
Read More
infosec tweaks

Man-in-the-middle attacks: What is and how to protect yourself?

A man-in-the-middle attack presupposes three parts. The victim, the entity with which the victim is trying to communicate ...
Read More
infosec

Your keyboard can betray your passwords to hackers

Hackers are able to edit your online passwords only from the sound of your keystrokes, revealed a ...
Read More
infosec

Bluetooth vulnerability affects Apple, Qualcomm and Intel devices!

Bluetooth is used worldwide as one of the most convenient methods of connecting and controlling connected devices. However, according to ...
Read More
Latest Posts

Hacking campaign targets organizations through DNS hijacking attacks

hijackingRecently, a new hacking campaign, called "Sea Turtle", was launched, targeting public and private players. The characteristic of this particular campaign is that hackers DNS hijacking attacks.

The data, so far, show attacks on some 40 organizations in 13 countries.

Attackers are well organized and use sophisticated methods that give them access to sensitive networks and systems.

DNS hijacking attack redirects malicious users website, modifying DNS name records or server settings.

The campaign seems to target two categories of victims. The first category includes national security organizations, foreign ministries, and energy related organizations. The second victim category includes DNS administrators, telecommunications companies, and internet service providers.

The first target of the attackers is the third Companies, which offer services to key goals.

The research has shown that this is one of the most serious and sophisticated campaigns of this kind.

DNS Hijacking Attack

Attackers acquire the credentials of the network administrator of the organization and modify the DNS records.

Otherwise, they gain access via a DNS administrator, who sells domain names and manages DNS records. The DNS registry is accessible through the registry application using the Extensible Provisioning Protocol (EPP).

Hackers get one of these EPP keys to modify DNS records, which are handled by the administrator.

Hackers try to steal credentials to get into networks and systems in the following way: initially trying to check the target DNS records, then modifying DNS records to redirect users to servers under the control of hackers and finally steal credentials when users interact with the supervised server.

Through these procedures, hackers managed to gain access to the organization's systems and attack.

Share
Do you have an opinion? Leave your comment.

The author allows you to copy his / her text only if you report the source (SecNews.gr), as an e-mail address (Live URL) of the article.
Updated on by

Reader Interactions

Leave a reply

Your email address is not published. Τα υποχρεωτικά πεδία σημειώνονται με *