Home / News

State-Sponsored Attack Is Manipulating DNS Systems of National Security Organizations

A team of security researchers on Wednesday issued a stern warning about a DNS Hijacking campaign being carried out by an advanced, state-sponsored actor believed to be targetting sensitive networks and systems. Although the incident is currently deemed to be limited to national security organizations in the Middle East and North Africa, Cisco’s Talos security team has warned the success of this operation can lead to broader attacks on the global DNS system.

The attack named “Sea Turtle” is believed to have begun as early as January 2017 and has continued through the first quarter of 2019. “Our investigation revealed that at least 40 different organizations across 13 different countries were compromised during this campaign.”

“The actors behind this campaign have focused on using DNS hijacking as a mechanism for achieving their ultimate objectives. DNS hijacking occurs when the actor can illicitly modify DNS name records to point users to actor-controlled servers. The Department of Homeland Security (DHS) issued an alert about this activity on Jan. 24 2019, warning that an attacker could redirect user traffic and obtain valid encryption certificates for an organization’s domain names.”

“The threat actors behind the Sea Turtle campaign show clear signs of being highly capable and brazen in their endeavors. The actors are responsible for the first publicly confirmed case of a DNS registry compromise, highlighting the attacker’s sophistication.”

So far 40 different organizations are reported to have been targeted by the attack including Ministries of foreign affairs, Military organizations, Intelligence agencies, and Prominent energy organizations.

The report by the Talos security team includes a set of recommended mitigation strategies.

By CircleID Reporter – 

CircleID’s internal staff reporting on news tips and developing stories. Do you have information the professional Internet community should be aware of? Contact us.

 Visit Page

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

VINTON CERF
Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

Related

Topics

Domain Management

Sponsored byMarkMonitor

Brand Protection

Sponsored byAppdetex

Domain Names

Sponsored byVerisign

IPv4 Markets

Sponsored byIPXO

Cybersecurity

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API