Security experts at Cisco Talos have released a report detailing what it calls the “first known case of a domain name registry organization that was compromised for cyber espionage operations.”

Talos calls ongoing cyber threat campaign “Sea Turtle” and said that state-sponsored attackers are abusing DNS to harvest credentials to gain access to sensitive networks and systems in a way that victims are unable to detect, which displays unique knowledge on how to manipulate DNS, Talos stated.

More about DNS:

  • DNS in the cloud: Why and why not
  • DNS over HTTPS seeks to make internet use more private
  • How to protect your infrastructure from DNS cache poisoning
  • ICANN housecleaning revokes old DNS security key

By obtaining control of victims’ DNS, the attackers can change or falsify any data on the Internet, illicitly modify DNS name records to point users to actor-controlled servers; users visiting those sites would never know, Talos reported.

To read this article in full, please click here