An unknown attacker has managed to modify the name servers assigned to 751 domains, which resulted in some visitors to the hijacked domains being redirected to a site hosting the Rig Exploit Kit and delivering the Neutrino Bot.
Discovery of the attack
As reported by French domain registrar and web host Gandi, the attack started last Friday, and was made possible through use of compromised login credentials of one of the company’s technical partners (through whom they manage domain names in 34 geographic TLDs, including .ASIA, .CH, .ES, .RU, and .JP).
Leave a reply
