You can now find Cyber Kendra on Google News!

ICANN got Hacked, Fell Victim to a Spear Phishing Attack

ICANN got Hacked, Fell Victim to a Spear Phishing Attack, ICANN got Hacked, Internet Corporation for Assigned Names and Numbers, hacking web server, information security experts, cyber security team, info security experts, cyber myths, information security experts, pentesting tools
ICANN got Hacked, Fell Victim to a Spear Phishing Attack, ICANN got Hacked, Internet Corporation for Assigned Names and Numbers, hacking web server, information security experts, cyber security team, info security experts, cyber myths, information security experts, pentesting tools
Internet Corporation for Assigned Names and Numbers has announced that its system was compromised by a phishing attack. Some of the staff of ICANN fell victim to a spear phishing attack. 

The phishing mail was designed to look like it came from ICANN’s own domain name being sent to members of its staff. Email credentials of several ICANN staff members were obtained. 

 ICANN said that the attackers had gained administrative access to some of ICANN’s systems, including its Centralized Zone Data Service (CZDS). The Centralized Zone Data System (CZDS). This system is a repository for zone files from each registry, updated daily. Many bloggers use this system to download zone file data. 

ICANN noted that the attack occurred in late November. The attacker gained access to copies of the zone files in the system, as well as information entered by users such as name, postal address, email address, fax and telephone numbers, username, and password. It says the passwords were stored as salted cryptographic hashes, but it has reset all passwords as a precaution.
ICANN is a nonprofit organization that has assumed the responsibility for IP address space allocation, protocol parameter assignment, domain name system management and root server system management functions previously performed under U.S. Government contract.
In early December 2014, ICANN discovered that the compromised credentials were used to access other ICANN systems besides email. Additionally, Unauthorized access was also obtained to user accounts on two other systems, the ICANN Blog (blog.icann.org) and the ICANN WHOIS (whois.icann.org) information portal.

Post a Comment