gabe@gabegold.com
Date: Wed, 17 Apr 2019 20:41:13 -0400
The discovery of a new, sophisticated team of hackers spying on dozens of government targets is never good news. But one team of cyberspies has pulled off that scale of espionage with a rare and troubling trick, exploiting a weak link in the Internet's cybersecurity that experts have warned about for years: DNS hijacking, a technique that meddles with the fundamental address book of the Internet.
Researchers at Cisco's Talos security division on Wednesday revealed that a hacker group it's calling Sea Turtle carried out a broad campaign of espionage via DNS hijacking, hitting 40 different organizations. In the process, they went so far as to compromise multiple country-code top-level domains -- the suffixes like .co.uk or .ru that end a foreign web address -- putting all the traffic of every domain in multiple countries at risk.
The hackers' victims include telecoms, Internet service providers, and
domain registrars responsible for implementing the domain name system. But
the majority of the victims and the ultimate targets, Cisco believes, were a
collection of mostly governmental organizations, including ministries of
foreign affairs, intelligence agencies, military targets, and energy-related
groups, all based in the Middle East and North Africa. By corrupting the
Internet's directory system, hackers were able to silently use "man in the
middle" attacks to intercept all Internet data from email to web traffic
sent to those victim organizations.
https://www.wired.com/story/sea-turtle-dns-hijacking/