The administrator of Romania’s top level domain has confirmed a successful attack against its domain server administration infrastructure took place on the night of November 27/28. Forensic analysis is ongoing and results will be published at a later date.
The hack (which we have covered here before) saw domains from companies such as Google, Yahoo and Kaspersky redirected to a defacement page hosted on a (possibly compromised) server in the Netherlands.
The attackhad managed to poison DNS cache servers of all Romanian internet service providers, as well as some of the international public DNS servers, including the Google DNS (8.8.8.8 and 8.8.4.4) as they cache the DNS resolution sent by RoTLD to speed up the resolution process when other similar requests are made and RoTLD servers are, of course, authoritative for .ro domains.
tags
Razvan Stoica is a journalist turned teacher turned publicist and technology evangelist. Recruited by Bitdefender in 2004 to add zest to the company's online presence.
View all postsJune 08, 2023
May 02, 2023
January 11, 2023
January 05, 2023