Global DNS Hijacking - Espionage / Muks Hirani
===

Global DNS hijacking

* Introduction
    * Speaker self-introduction
    * Living in Dubai
* DNS overview
    * Threat research: Global DNS Hijacking Campaign: DNS Record Manipulation at Scale
      https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
    * DNS translates domain names to IP addresses
    * DNS root

![](https://i.imgur.com/MC3bXwA.png)

* Clusters

![](https://i.imgur.com/Zmyj9mx.png)

The attacker logs in to PXY1 and, using previously compromised credentials, logs in to the DNS provider's administration panel.
The A record currently points to 192.168.100.100.
The attacker changes the A record to point to 10.20.30.40 (OP1). The attacker logs in to OP1 from PXY1.

![](https://i.imgur.com/9rKH6cI.jpg)
![](https://i.imgur.com/fm5sVyp.jpg)

* Activity
* Summary
    * Open question

muks.hirani@crowdstrike.com
https://twitter.com/cyberamyntas

###### tags: `HITCONCMT2019`,`HITCONCMT`,`HITCON`
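
The A-record change described under Clusters (192.168.100.100 replaced by 10.20.30.40) can be detected by comparing observed answers with an approved baseline. The following Python is an added example, not material from the talk; the hostname, the baseline network and the passive-DNS log format are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Assumption: networks each monitored name is approved to resolve into.
BASELINE = {"mail.example.org": [ip_network("192.168.100.0/24")]}

# Constructed passive-DNS observations: "timestamp name type value ttl".
OBSERVATIONS = """\
2019-01-10T08:00:00Z mail.example.org A 192.168.100.100 3600
2019-01-10T09:00:00Z mail.example.org A 10.20.30.40 300
2019-01-10T09:30:00Z mail.example.org A 10.20.30.40 300
2019-01-10T11:00:00Z mail.example.org A 192.168.100.100 3600
2019-01-10T11:05:00Z www.example.org A 192.168.100.101 3600
"""

def parse(text):
    """Yield (timestamp, name, address, ttl) for well-formed A-record lines."""
    for raw in text.splitlines():
        parts = raw.split()
        if len(parts) != 5 or parts[2] != "A":
            continue  # skip malformed lines and non-A records
        ts, name, _, value, ttl = parts
        yield ts, name.lower().rstrip("."), ip_address(value), int(ttl)

def find_drift(text, baseline):
    """Return one alert per contiguous run of answers outside the baseline."""
    alerts, open_alerts = [], {}
    for ts, name, addr, ttl in parse(text):
        allowed = baseline.get(name)
        if allowed is None:
            continue  # name is not monitored
        if any(addr in net for net in allowed):
            closed = open_alerts.pop(name, None)
            if closed:
                closed["reverted_at"] = ts  # answer is back inside the baseline
            continue
        current = open_alerts.get(name)
        if current and current["addr"] == str(addr):
            current["last_seen"] = ts  # same unexpected answer, extend the run
        else:
            current = {"name": name, "addr": str(addr), "first_seen": ts,
                       "last_seen": ts, "ttl": ttl, "reverted_at": None}
            open_alerts[name] = current
            alerts.append(current)
    return alerts

if __name__ == "__main__":
    for alert in find_drift(OBSERVATIONS, BASELINE):
        print(alert)
```

An alert whose `reverted_at` is still `None` means the name is currently resolving outside the baseline.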