A malicious campaign called “Sea Turtle,” recently discovered by researchers, is reported to have been attacking public and private entities in different nations using DNS hijacking as a mechanism.

The campaign is known to have compromised at least 40 different organizations across over 13 different nations in the first quarter of 2019.

DNS hijacking is a type of malicious attack that redirects users to a malicious site when they visit the legitimate site, by altering the DNS name records by means of compromised routers or attackers changing a server’s settings.

The attackers carried out their work using highly persistent tactics and advanced tools in order to gain access to the sensitive systems and frameworks as smoothly as possible.

on two distinct groups of victims they are focusing on a third party that is known to provide services to the primary targets in order to carry out the DNS hijacking effectively. The main aim of the attackers behind “Sea Turtle” is ultimately to steal credentials so as to access the systems and frameworks in the following manner:
- Establishing a means to control the DNS records of the target.
- Modifying DNS records in order to point legitimate users of the target to actor-controlled
- Capturing legitimate user credentials when users interacted with these

certainty that these hijacking attacks are being carried out by an advanced, state-sponsored actor seeking to gain access to the sensitive systems and frameworks.

Organizations are currently attempting to implement a registry lock service, multi-factor authentication (to access the DNS records), and of course keeping up to date on patches, particularly on internet-facing machines.
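
One way a defender can watch for the DNS record changes described above is to compare observed answers against a pinned baseline. This is an added example, not part of the original article; the domain names, addresses, baseline format and observation records are all constructed for illustration.

```python
import ipaddress

# Constructed baseline: the nameservers and address ranges the organisation expects.
BASELINE = {
    "mail.example.org": {
        "ns": {"ns1.example.org", "ns2.example.org"},
        "nets": ["192.0.2.0/24"],
    },
}

GOOD_NS = ["ns1.example.org.", "ns2.example.org."]
# Constructed observations, e.g. from periodic resolution or a passive DNS feed.
OBSERVATIONS = [
    {"ts": "2019-01-10T08:00Z", "name": "mail.example.org", "ns": GOOD_NS, "a": ["192.0.2.25"]},
    {"ts": "2019-01-11T02:10Z", "name": "mail.example.org",
     "ns": ["ns2.example.net.", "ns1.example.net."], "a": ["203.0.113.80"]},
    {"ts": "2019-01-11T06:30Z", "name": "MAIL.example.org.", "ns": GOOD_NS, "a": ["192.0.2.25"]},
]

def normalise(host):
    """Lower-case a DNS name and drop the trailing root dot."""
    return host.rstrip(".").lower()

def check(obs, baseline):
    """Return (finding, value) pairs for one observation that drift from the baseline."""
    expected = baseline.get(normalise(obs["name"]))
    if expected is None:
        return [("unmonitored-name", normalise(obs["name"]))]
    findings = []
    seen_ns = {normalise(n) for n in obs["ns"]}
    for ns in sorted(seen_ns - expected["ns"]):
        findings.append(("unexpected-ns", ns))
    nets = [ipaddress.ip_network(n) for n in expected["nets"]]
    for addr in obs["a"]:
        ip = ipaddress.ip_address(addr)
        if not any(ip in net for net in nets):
            findings.append(("address-outside-baseline", addr))
    return findings

def scan(observations, baseline):
    """Return (timestamp, name, findings) for every observation with drift."""
    alerts = []
    for obs in observations:
        hits = check(obs, baseline)
        if hits:
            alerts.append((obs["ts"], normalise(obs["name"]), hits))
    return alerts

if __name__ == "__main__":
    for ts, name, hits in scan(OBSERVATIONS, BASELINE):
        print(ts, name, hits)
```

An alert from a check like this is a prompt to verify the change with the registrar or DNS provider, since legitimate migrations also alter nameservers and addresses.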