Nation-State Attackers Exploiting DNS at Scale, Cisco Reports

Cisco Talos is warning of a new attacker group it has dubbed "Sea Turtle" that is exploiting DNS information at scale across large government agencies. According to the report which was released on April 17, the Sea Turtle attack has already compromised at least 40 different organizations, spread across 13 different countries. While DNS attacks are not a new phenomena, the way in which Sea Turtle operates is somewhat different than other DNS attacks in recent months. DNS is an acronym for Domain Name System, and is the technology that matches IP addresses to common domain names (i.e eWEEK.com). In prior DNS attacks, hackers simply redirected DNS entries to their own malicious domains. In the Sea Turtle attacks, the hackers created their own name servers and intercepted traffic, in order to steal credential and other information. The attackers also directly went after entire domain registries, rather than just individual domain names, enabling widespread exploitation of all the entries in a given registry.