Hijacked DNS used to hit numerous national security organizations

Sad and terrible news for today! Cybersecurity researchers have just announced that ‘Sea Turtle’ nation-state hacker group has hit at least 40 national security organizations in 13 countries.

The state-sponsored hacking group modus operandi is this: they intercept and redirect Web and email traffic by using a clever DNS hijacking campaign which lays deep in the Internet’s core infrastructure.

Their cyber attack is both clever and simple at the same time, first, the group is changing the DNS (Domain Name System) records of, the victim organizations, and then all the redirected traffic is inspected and manipulated.

For those who don’t know DNS hijacking attacks are certainly not new. Hackers have been previously known to modify DNS records and redirect traffic for a variety of reasons.

Almost all of the affected entities are national security-related organizations that include ministries of foreign affairs, intelligence agencies, and military organizations. But not all the targets are state/government related, others are part of the affected countries digital infrastructure, like DNS registrars, Internet service providers, and telecommunication companies.

Remember everything can be hacked. In order to stay away from any threats related to the cyber world, we recommend the install of antivirus for Windows or antivirus for Mac on every device that you own, depending on which OS your device is running. If you are a company, it is also recommended to hire every year a specialized cybersecurity company that will run annual tests on your company’s network. These tests include penetration testing and ethical hacking tests;

Sea Turtle main goal is cyber espionage. Worse is the fact that DNS-level cyber attacks have been growing in recent months.

For example, back in January, the US Department of Homeland Security raised the alarm in all of the .gov and other agency-managed domains when they discovered a possible manipulation of the DNS services. Also in January, the DHS received a warning from its cybersecurity specialists regarding hackers that are changing DNS records of many organizations by using credentials stolen from enterprise administrators.

In our days’ organizations are in need of a global perspective to ensure that their IT and security operations teams have an accurate, up-to-date inventory.

During this investigation, it was also discovered that an Iran-based threat actor is carrying out a massive DNS traffic redirection campaign whose main focus is on Middle East targets. And the findings don’t stop here, it seems that the same hackers have also been stealing the breached organization’s SSL certificate and using it on their own servers to carry out MitM attacks.

Cybersecurity experts are saying that such cyber attacks are of considerably more concern than DNS modification attacks involving a single organization’s credentials.

In conclusion, the specialist’s main concern here is whether or not such attacks are going to increase, and the damage that could result from a compromise of a major DNS registry or registrar.

We would continue to monitor this cybersecurity problem. Meanwhile, users should keep a keen eye out for any cyber attacks. Remember to use an antivirus for Windows or antivirus for Mac in every device that you own, depending on which OS your machine is running, If you are a company we recommend to hire every year a specialized cybersecurity company that will run annual tests on your company’s network, tests like this include: penetration testing and ethical hacking.