SWITCH Security-Blog

SWITCH-CERT IT-Security Blog


Attacks on DNS continue, targets are also in Switzerland

Attacks on the domain name system continue

Talos, the intelligence group of CISCO reported in their blog that their monitoring shows that attacks on the domain name system (DNS) by “Sea Turtle” continue.  The attack technique used is similar than before, the actors compromise name server records to take ownership of the domain. They then provide false information to selected parties (e.g certificate authorities, mail users) which leads to the disclosure of email credentials of the targeted organisations. These credentials give initial access to the victims E-mails accounts and other resources and are a starting point for further attacks.

Victims in Switzerland

For the first time, Talos also reported victims in Switzerland.

Geographic Location of Sea Turtle Victims by Talos

While Talos didn’t disclose the targeted organizations they identified these groups as primary targets:

  • Government organizations
  • Energy companies
  • Think tanks
  • International non-governmental organizations
  • At least one airport

Continue reading