Attacks on the domain name system continue
Talos, the intelligence group of Cisco, reported on its blog that its monitoring shows that attacks on the domain name system (DNS) by “Sea Turtle” continue. The attack technique is similar to the one used before: the actors compromise name server records to take ownership of the domain. They then provide false information to selected parties (e.g. certificate authorities, mail users), which leads to the disclosure of email credentials of the targeted organizations. These credentials give initial access to the victims' email accounts and other resources and are a starting point for further attacks.
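Because the technique starts with changed name server records, a defender can compare what resolvers currently return against a known-good baseline. The following is an added example, not code from Talos or from this blog; every domain, host name and address in it is constructed, and the function names are hypothetical.

```python
# Added example: flag name-server and mail-host drift against a known-good baseline.
# All names and addresses are constructed (reserved example domains, RFC 5737 ranges).

BASELINE = {
    ("example.org.", "NS"): {"ns1.example.net.", "ns2.example.net."},
    ("mail.example.org.", "A"): {"192.0.2.10"},
}

# Constructed answers in `dig +noall +answer` layout: name TTL class type rdata
OBSERVED = """\
example.org.       86400 IN NS ns1.example.net.
example.org.       86400 IN NS ns1.rogue-dns.example.
mail.example.org.  300   IN A  198.51.100.77
"""

def parse_answers(text):
    """Group rdata by (owner name, record type), normalising case."""
    records = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue  # skip blank lines and anything that is not an IN-class answer
        name, rtype, rdata = fields[0].lower(), fields[3].upper(), fields[4].lower()
        records.setdefault((name, rtype), set()).add(rdata)
    return records

def find_drift(baseline, observed):
    """Return sorted (name, type, kind, value) findings where observed data departs from baseline."""
    findings = []
    for key, expected in baseline.items():
        seen = observed.get(key, set())
        # A value never approved for this record: possible hijacked delegation or redirect.
        findings += [(key[0], key[1], "unexpected", v) for v in seen - expected]
        # An approved value that is no longer served.
        findings += [(key[0], key[1], "missing", v) for v in expected - seen]
    return sorted(findings)

if __name__ == "__main__":
    for name, rtype, kind, value in find_drift(BASELINE, parse_answers(OBSERVED)):
        print(f"{kind:10} {rtype:3} {name} -> {value}")
```

In practice the observed answers would be collected from several independent resolvers and from the parent zone, since a hijacked delegation may be served only to selected parties.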
Victims in Switzerland
For the first time, Talos also reported victims in Switzerland.
While Talos didn’t disclose the targeted organizations, it identified these groups as primary targets:
- Government organizations
- Energy companies
- Think tanks
- International non-governmental organizations
- At least one airport