The U.S. Department of Homeland Security (DHS) and Cybersecurity and Infrastructure Security Agency (CISA) are tracking a global domain name system (DNS) infrastructure hijacking campaign, according to a prepared statement.
In addition, DHS and CISA have identified executive branch agency domains impacted by the campaign and notified these agencies about the incident.
The attackers behind the campaign are modifying the locations of executive branch agencies’ domain name resources, the U.S. Computer Emergency Readiness Team (US-CERT) indicated. They are also using the following techniques as part of the global DNS infrastructure hijacking campaign:
With these techniques, cybercriminals can redirect user traffic to attacker-controlled infrastructure, access valid encryption certificates for executive branch agencies’ domain names and launch man-in-the-middle attacks, US-CERT said.
CISA offers the following recommendations to help executive branch agencies address the global DNS infrastructure hijacking campaign:
CISA also has issued a global DNS infrastructure campaign emergency directive that will remain in place until further notice. The directive requires executive branch agencies to provide CISA with status and completion reports to verify that they have taken action to mitigate global DNS infrastructure campaign attacks.
Courtesy MSSP Alerts