
At least 40 Firms Compromised in DNS Hijacking Campaign

An ongoing DNS hijacking campaign known as Sea Turtle has compromised at least 40 organisations across 13 countries in the Middle East and North Africa. The operation, which began as early as January 2017, has targeted public organisations such as national security organisations and energy companies, as well as private telecommunication companies and Internet service providers. The threat group uses at least seven known exploits and spear phishing to gain initial access to the target organisation. The hackers then move laterally with the aim of obtaining the administrator credentials for the DNS provider from the client side. If successful, the hackers are able to control and modify the DNS records of the target and route users to an actor-controlled name server. The redirection allows the threat actors to capture users' credentials, which can be used to maintain long-term persistence in the target's network.

[1] DNS Hijacking Abuses Trust in Core Internet Service
[2] Sea Turtle DNS Hijacking Campaign Utilises At least Seven Patched Vulnerabilities
