
Hacker groups going after government domains

(Image credit: Shutterstock/alexskopje)

Imagine typing in a government internet address, and ending up on a website that looks like a government website, acts like a government website, but steals your data.

That's basically what happened recently to Arab governments, but also to government websites, intelligence agencies, telecommunications companies and internet giants in 13 countries, for more than two years.

The ominous news was confirmed by two cybersecurity agencies – Cisco's Talos and FireEye. They are claiming that two separate entities, one of which might be state-sponsored, are doing the dirty work.

They dubbed them DNSpionage and Sea Turtle (who comes up with these names, really?).

The attack revolves around DNS hijacking. Hackers first use spear phishing to compromise a target and get into a network. Then they scan the network for vulnerabilities, targeting servers and routers, which allows them to move laterally across the network. They gather passwords along the way.

Then, using the obtained credentials, they target the organisation's DNS registrar. They update the registrar's records so that the domain name points to a server that's under the hackers' control.

And boom – there you have it. One moment you're on a government website, the next – a group of hackers is sniffing through your data.
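Because the change described above happens at the registrar, it shows up as a shift in a domain's name servers or addresses. The following is an added example, not taken from Talos or FireEye: it compares polled DNS answers against a pinned baseline. The domain, name servers, address ranges and observations are all constructed for illustration.

```python
import ipaddress

# Constructed baseline for a hypothetical zone: approved delegation and address ranges.
BASELINE = {
    "portal.example.gov": {
        "NS": {"ns1.example.gov", "ns2.example.gov"},
        "A_NETS": [ipaddress.ip_network("198.51.100.0/24")],
    },
}

# Constructed observations, as a resolver-polling job might record them.
OBSERVED = [
    {"ts": "2019-01-10T08:00Z", "name": "portal.example.gov",
     "NS": ["NS1.example.gov.", "ns2.example.gov."], "A": ["198.51.100.10"]},
    {"ts": "2019-01-10T09:00Z", "name": "portal.example.gov",
     "NS": ["ns1.example.gov.", "ns1.hosting.example.net."], "A": ["203.0.113.77"]},
    {"ts": "2019-01-10T10:00Z", "name": "portal.example.gov",
     "NS": ["ns1.example.gov.", "ns2.example.gov."], "A": []},
]

def norm(host):
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return host.rstrip(".").lower()

def check_snapshot(snap, baseline=BASELINE):
    """Return a list of (severity, message) findings for one observation."""
    expected = baseline.get(norm(snap["name"]))
    if expected is None:
        return [("info", "no baseline for " + snap["name"])]
    findings = []
    seen_ns = {norm(n) for n in snap["NS"]}
    for ns in sorted(seen_ns - expected["NS"]):
        findings.append(("high", "unapproved name server " + ns))
    for ns in sorted(expected["NS"] - seen_ns):
        findings.append(("medium", "approved name server missing " + ns))
    if not snap["A"]:
        findings.append(("medium", "no A record returned"))
    for addr in snap["A"]:
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in expected["A_NETS"]):
            findings.append(("high", "address outside approved ranges " + addr))
    return findings

def scan(observations=OBSERVED):
    return {s["ts"]: check_snapshot(s) for s in observations}

if __name__ == "__main__":
    for ts, findings in scan().items():
        print(ts, findings or "ok")
```

The baseline only helps if it is stored and changed outside the accounts that can edit the registrar records, since the credentials gathered in the earlier steps would otherwise cover both.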

Talos says Netnod was compromised this way by Sea Turtle, and Netnod confirmed. Netnod is a Sweden-based DNS provider, and the operator of one of the 13 root servers that power the global DNS infrastructure.

We don't know exactly who was under assault, but we do know that hackers targeted Armenia, Egypt, Turkey, Sweden, Jordan and the United Arab Emirates.


Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years' experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. His work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.