DNS Infrastructure Hijacking

Researchers at FireEye and Cisco Talos disclosed details on a global Domain Name System (DNS) infrastructure hijacking campaign that could allow threat actors to conduct man-in-the-middle attacks. Using compromised credentials, attackers can modify the location where an organization’s domain name resources resolve, redirect user traffic to infrastructure controlled by the attacker, and obtain valid encryption certificates for the organization’s domain names. The NJCCIC encourages users and administrators to review the research by FireEye and Cisco Talos for additional information on this campaign, and to apply the best practices included in the US-CERT advisory, such as implementing multi-factor authentication, verifying DNS infrastructure, and revoking any fraudulently requested encryption certificates.
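One concrete way to "verify DNS infrastructure" as the advisory recommends is to keep a known-good snapshot of the records you expect your zone to serve and compare each scheduled re-resolution against it, flagging any change to delegation or traffic-steering records. The following is an added example, not code from the NJCCIC, FireEye, Cisco Talos or US-CERT; the domain, addresses and both record snapshots are constructed (TEST-NET ranges) to show what a hijack of the web and mail records would look like to the check.

```python
"""Detect DNS record drift against a known-good baseline (added example)."""
from typing import Dict, List, Set, Tuple

# Record sets keyed by (owner name, record type); the value is the set of
# answers seen for that pair.
RecordMap = Dict[Tuple[str, str], Set[str]]

# A change to any of these types moves delegation or traffic, which is the
# precondition for the traffic redirection and certificate issuance
# described in the advisory; treat such changes as high severity.
HIGH_RISK_TYPES = {"NS", "A", "AAAA", "MX", "CNAME"}

# Constructed baseline: what the organization expects its zone to serve.
BASELINE: RecordMap = {
    ("example.org.", "NS"): {"ns1.example-dns.net.", "ns2.example-dns.net."},
    ("example.org.", "A"): {"192.0.2.10"},
    ("mail.example.org.", "A"): {"192.0.2.25"},
    ("example.org.", "MX"): {"10 mail.example.org."},
    ("example.org.", "TXT"): {"v=spf1 mx -all"},
}

# Constructed "current" answers as a tampered zone might return them: the
# web A record and the MX now point at infrastructure the organization does
# not control, while everything else is untouched.
OBSERVED: RecordMap = {
    ("example.org.", "NS"): {"ns1.example-dns.net.", "ns2.example-dns.net."},
    ("example.org.", "A"): {"198.51.100.7"},
    ("mail.example.org.", "A"): {"192.0.2.25"},
    ("example.org.", "MX"): {"10 mx.unexpected-example.net."},
    ("example.org.", "TXT"): {"v=spf1 mx -all"},
}


def diff_records(baseline: RecordMap, observed: RecordMap) -> List[dict]:
    """Return one finding per record set that differs from the baseline.

    Record sets present in only one snapshot are reported too: a record
    that disappears (or appears) is as suspicious as one that changes.
    """
    findings: List[dict] = []
    for key in sorted(set(baseline) | set(observed)):
        name, rtype = key
        expected = baseline.get(key, set())
        actual = observed.get(key, set())
        if expected == actual:
            continue
        findings.append({
            "name": name,
            "type": rtype,
            "added": sorted(actual - expected),
            "removed": sorted(expected - actual),
            "severity": "high" if rtype in HIGH_RISK_TYPES else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in diff_records(BASELINE, OBSERVED):
        print(f"[{f['severity'].upper()}] {f['name']} {f['type']}: "
              f"-{f['removed']} +{f['added']}")
```

In production the `OBSERVED` map would be filled from live queries against both the authoritative servers and the parent zone's delegation, so that a change made at the registrar is caught as well as one made in the zone itself.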