“Sea Turtle” DNS hijacking campaign and their continuing efforts to compromise victims. The operators behind the campaign have adopted a new DNS hijacking technique that involves modifying the target domain’s name server records to point legitimate users to the actor-controlled server. Once in control of the victim’s DNS, the attackers redirect the victim’s traffic to malicious websites and email servers. This would facilitate a man-in-the-middle attack against the victim or potentially allow the attacker to harvest credentials.
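A defensive check for the name server record change described above, added here as an example (it is not code from the original report): it compares observed NS records for a monitored zone against an approved delegation baseline and reports the time window of any unapproved name server. The zone names, baseline, observation format and timestamps are all constructed for illustration.

```python
"""Flag NS-record drift for monitored zones (added example, constructed data)."""

# Approved delegations per zone. Hypothetical values using reserved example names.
BASELINE = {"example.org.": {"ns1.example.org.", "ns2.example.org."}}

# Constructed observations in "timestamp zone rrtype rdata" form, e.g. from
# periodic resolver polling or a passive-DNS export. Not real campaign data.
OBSERVATIONS = """\
2024-03-01T00:00:00Z example.org. NS ns1.example.org.
2024-03-01T00:00:00Z example.org. NS NS2.Example.org
2024-03-02T00:00:00Z example.org. NS ns1.rogue-dns.example.
2024-03-02T00:00:00Z example.org. NS ns2.rogue-dns.example.
2024-03-02T06:00:00Z example.org. NS ns1.rogue-dns.example.
2024-03-02T06:00:00Z example.org. A 192.0.2.10
2024-03-03T00:00:00Z example.org. NS ns1.example.org.
2024-03-03T00:00:00Z other.example. NS ns1.other.example.
"""


def normalize(name):
    """Lower-case a DNS name and make it fully qualified for comparison."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def find_ns_drift(text, baseline):
    """Return {(zone, name_server): [first_seen, last_seen]} for every NS
    target observed on a monitored zone that is not in its approved set."""
    findings = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[2].upper() != "NS":
            continue  # skip malformed lines and non-NS records
        seen_at, zone, target = parts[0], normalize(parts[1]), normalize(parts[3])
        approved = baseline.get(zone)
        if approved is None or target in approved:
            continue  # unmonitored zone, or delegation matches the baseline
        window = findings.setdefault((zone, target), [seen_at, seen_at])
        window[0] = min(window[0], seen_at)  # ISO-8601 UTC strings sort by time
        window[1] = max(window[1], seen_at)
    return findings


if __name__ == "__main__":
    for (zone, ns), (first, last) in sorted(find_ns_drift(OBSERVATIONS, BASELINE).items()):
        print(f"ALERT {zone} delegated to unapproved {ns} from {first} to {last}")
```

The baseline should be maintained from the registrar or registry record of the delegation, since a resolver answer alone reflects whatever the hijacked records currently say.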
Indicators of Compromise
IP(s) / Hostname(s)