A new
malicious campaign called "Sea Turtle," as of late discovered by
researchers allegedly, is said to have been attacking public and private
elements in different nations utilizing DNS hijacking as a mechanism.
Moreover
the campaign is known to have compromised no less than 40 different
organizations across over 13 different nations amid this vindictive campaign in
the first quarter of 2019.
Since DNS
hijacking is a sort of malevolent attack that redirects the users to the
noxious site by altering the DNS name records when they visit the site by means
of compromised routers or attackers affecting a server's settings.
The
attackers helped out their work through very industrious strategies and
propelled apparatuses in order to gain access to the sensitive systems and
frameworks as smoothly as possible.
By focusing
on two distinct groups of victims they are focusing on a third party that is
known to provide services to the primary targets to effectively play out the
DNS seizing. The main aim of the attackers behind "Sea Turtle" is to
ultimately aim to steal the credentials so as to access the systems and
frameworks in the following manner:
- Via establishing a means to control the DNS records of the target.
- To capturing legitimate user credentials when users interacted with these actor-controlled servers.
Researchers said that they "assess” with probably high
certainty that these hijacking attacks are being propelled by an advanced,
state-sponsored actor hoping to get to the sensitive systems and frameworks.
To ensure against these DNS hijacking attacks, the
organizations are currently attempting to execute a registry lock service,
multifaceted verification (to access the DNS records), and obviously keeping up
to date on the patches, particularly on the internet facing machines.
