Team of Cyberspies Hacked Entire Countries’ Internet Domains

Researchers at a threat intelligence company said Wednesday that a group of hackers known as Sea Turtle compromised multiple top-level country internet domains, using a particularly nefarious technique known as DNS hijacking. DNS hijacking manipulates the Domain Name System, the rules that organize where internet traffic is sent, so that activity is redirected through the attackers' own IP address, where it can be spied on. Wired reports that when an entire country’s domain—think .co.uk, or .ru—gets breached, all of the traffic on the domain is in jeopardy. Cisco’s Talos security division said that Sea Turtle’s primary goal appears to have been hacking governmental bodies, including ministries of foreign affairs, intelligence agencies, and energy-related groups. Cisco identified only one country, Armenia, where the entire nation’s domain was compromised—but the company said that victims of the attack were located in a number of Middle Eastern nations.