DNS hijacking campaign

From the National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign.

Obtained information through this campaign could allow attackers to redirect internet traffic to attacker-controlled infrastructure, and in this way, obtain certificates organization’s webs sites, being able to perform man-in-the-middle attacks.

NCCIC recommends update the passwords of organizations’ DNS records, implement multifactor authentication on domain registrar accounts, audit public DNS records, and search for encryption certificates related to domains and revoke any fraudulently requested certificates.