U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

ICANN systems compromised via Spear Phishing attack by unknown hackers

The ICANN organization confirmed that several its systems were compromised via Spear Phishing attack. The company is investigating the case. ICANN revealed the details of a recent spear phishing attack that allowed unknowns to access its network. The attackers spoofed the ICANN domain, and deceived internal staff into revealing their email credentials. The ICANN is the organization […]

ICANN systems compromised via Spear Phishing attack by unknown hackers

The ICANN organization confirmed that several its systems were compromised via Spear Phishing attack. The company is investigating the case.

ICANN revealed the details of a recent spear phishing attack that allowed unknowns to access its network. The attackers spoofed the ICANN domain, and deceived internal staff into revealing their email credentials.

The ICANN is the organization that manages the global top-level domain system and its systems are vital for the overall Internet.

“The attacker obtained administrative access to all files in the CZDS. This included copies of the zone files in the system, as well as information entered by users such as name, postal address, email address, fax and telephone numbers, username, and password. Although the passwords were stored as salted cryptographic hashes, we have deactivated all CZDS passwords as a precaution.” states the announcement published by the ICANN.

Experts at ICANN explained that that intrusion occurred in late November 2014 and among the actions made by the attackers there were the access to the Centralized Zone Data System (CZDS czds.icann.org).

The hackers had access to the system that manages the files with data on resolving specific domain names (zone files), as well as personal information provided by the user (i.e. name, postal address, email address, fax and telephone numbers, credentials).  Although the passwords were stored as salted cryptographic hashes, ICANN deactivated all CZDS passwords in response to the incident.

“The attacker obtained administrative access to all files in the CZDS. This included copies of the zone files in the system, as well as information entered by users such as name, postal address, email address, fax and telephone numbers, username, and password. Although the passwords were stored as salted cryptographic hashes, we have deactivated all CZDS passwords as a precaution. Users may request a new password at czds.icann.org. We suggest that CZDS users take appropriate steps to protect any other online accounts for which they might have used the same username and/or password. ICANN is providing notices to the CZDS users whose personal information may have been compromised.”

The attackers also used the credentials to access other ICANN systems besides email including the ICANN GAC Wiki (gacweb.icann.org). Public information, the members-only index page and one individual user’s profile page was viewed. No other non-public content was viewed.

“Public information, the members-only index page and one individual user’s profile page was viewed. No other non-public content was viewed.” reports the statement from the ICANN.

The hackers also accessed user accounts on two other systems, the ICANN Blog (blog.icann.org) and the ICANN WHOIS (whois.icann.org) information portal, but in this case the investigators haven’t found any evidence of malicious operation.

ICANN 1

In time I’m writing, ICANN is not aware other internal systems that have been compromised and the organization confirmed that the attack does not impact any IANA-related systems.

The ICANN also explained that a recent improvement to internal security helped contain the unauthorized access to its systems.

“Earlier this year, ICANN began a program of security enhancements in order to strengthen information security for all ICANN systems. We believe these enhancements helped limit the unauthorized access obtained in the attack. Since discovering the attack, we have implemented additional security measures.”

The ICANN highlighted that it is providing information about this incident publicly.

Pierluigi Paganini

(Security Affairs –  ICANN, spear-phishing attack)