Greek top level domain registry hacked

The Greek Institute of Computer Science of the Foundation for Research and Technology (ICS-Forth), the country's manager of the national top-level domains .gr and .ελ, has confirmed that it suffered a cyber-attack which allowed the hijacking of domains, ZDNet reports. Instead of targeting the victims directly, the attackers penetrate domain registries and registrars and modify DNS records on internal servers, thereby redirecting traffic meant for a company's legitimate services to bogus servers, where they carry out man-in-the-middle attacks and intercept login credentials. Since most companies don't watch for changes in DNS settings, the redirection often remains undetected for a long time; once detected, however, it is easily mitigated by restoring the DNS parameters. Cisco Talos, the security company, links the attacks on top-level registries to the state-sponsored hacking group called Sea Turtle, while the security company FireEye connects them to similar attacks conducted earlier this year, which it linked to the Iranian government. Talos noted that it identified new victims of the group in Sudan, Switzerland, and the US, among others.
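
The report notes that most companies do not watch for changes in their DNS settings. The following Python check is an added example, not taken from the report or from any of the companies named in it: it compares a recorded baseline of a domain's NS, A and MX records against a later observation and flags any drift. The snapshot format, the domain names and the addresses are constructed assumptions, and collecting the observed snapshot from resolvers is left out.

```python
# Baseline-vs-observed DNS drift check. All names and addresses are constructed
# sample data (documentation IP ranges, example domains).

WATCHED_TYPES = ("NS", "A", "MX")

def normalize(value):
    """Lower-case and drop the trailing dot so 'NS1.Example.GR.' equals 'ns1.example.gr'."""
    return value.strip().lower().rstrip(".")

def record_set(snapshot, domain, rtype):
    """Return the normalized set of values for one domain and record type."""
    return {normalize(v) for v in snapshot.get(domain, {}).get(rtype, [])}

def diff_snapshots(baseline, observed):
    """Return one finding per (domain, type) whose record set differs from the baseline."""
    findings = []
    for domain in sorted(baseline):
        for rtype in WATCHED_TYPES:
            expected = record_set(baseline, domain, rtype)
            current = record_set(observed, domain, rtype)
            if expected == current:
                continue
            findings.append({
                "domain": domain,
                "type": rtype,
                "added": sorted(current - expected),
                "removed": sorted(expected - current),
                # A changed NS set means the delegation itself moved, which is
                # how a registry- or registrar-level modification shows up.
                "severity": "critical" if rtype == "NS" else "high",
            })
    return findings

BASELINE = {  # constructed: records as approved by the domain owner
    "example.gr": {"NS": ["ns1.example.gr", "ns2.example.gr"],
                   "A": ["192.0.2.10"], "MX": ["mail.example.gr"]},
    "example.org": {"NS": ["ns1.example.org"], "A": ["198.51.100.7"]},
}
OBSERVED = {  # constructed: what public resolvers returned later
    "example.gr": {"NS": ["ns1.unexpected.example.", "ns2.unexpected.example."],
                   "A": ["203.0.113.50"], "MX": ["MAIL.example.gr."]},
    "example.org": {"NS": ["NS1.example.org."], "A": ["198.51.100.7"]},
}

if __name__ == "__main__":
    for f in diff_snapshots(BASELINE, OBSERVED):
        print(f"[{f['severity']}] {f['domain']} {f['type']}: +{f['added']} -{f['removed']}")
```
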