Reports from FireEye and Cisco Talos revealed that malicious actors gained access to accounts that controlled DNS records and “made them resolve to their own infrastructure before relaying it to the real address,” Krebs wrote in a blog post published Thursday.
“Because they could control an organization’s DNS, they could obtain legitimate digital certificates and decrypt the data they intercepted — all while everything looked normal to users.”
Krebs, a 2019 Wash100 winner, noted that CISA’s directive is an urgent response to the risk posed by an active attacker that homes in on government organizations and compromises legitimate traffic to obtain data, cause delay or disrupt services.
“We know that this type of attack isn’t something many organizations monitor for or have tight controls around,” he said of the DNS hijacking campaign.
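The hijack described above succeeds because a changed A or NS record looks like any other record to resolvers and to certificate authorities. The control Krebs says most organizations lack is simply comparing what the authoritative zone currently serves against what the organization intended to publish. The script below is an added example, not code from the article or from CISA; it diffs a constructed baseline zone against a constructed zone snapshot (the `agency.example` names and addresses are invented, and a real deployment would feed it a zone export pulled from the registrar or authoritative server).

```python
"""Flag DNS records that drifted from an approved baseline.

Added example: parses two zone-file-style dumps (constructed inline, not
real data) and reports every record value that is present in the live
snapshot but not in the baseline, or vice versa. Either direction is a
signal in a DNS-hijack scenario: an A record now pointing at attacker
infrastructure shows up as one 'unexpected' value plus one 'missing' value.
"""
from collections import defaultdict

# Constructed baseline: the records the organization intends to publish.
BASELINE = """
mail.agency.example.  300 IN A  203.0.113.10
agency.example.       300 IN NS ns1.agency.example.
agency.example.       300 IN NS ns2.agency.example.
agency.example.       300 IN MX 10 mail.agency.example.
"""

# Constructed snapshot standing in for today's zone export. The mail host
# now resolves elsewhere and a record nobody approved has appeared.
SNAPSHOT = """
mail.agency.example.  300 IN A  198.51.100.77
agency.example.       300 IN NS ns1.agency.example.
agency.example.       300 IN NS ns2.agency.example.
agency.example.       300 IN MX 10 mail.agency.example.
vpn.agency.example.   60  IN A  198.51.100.78   ; not in baseline
"""


def parse_zone(text):
    """Parse 'name ttl IN type rdata' lines into {(name, type): {rdata, ...}}.

    TTL is deliberately ignored: the check cares about what a name resolves
    to, not how long resolvers cache it. Comments after ';' are dropped.
    """
    records = defaultdict(set)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 5 or fields[2].upper() != "IN":
            raise ValueError(f"unparseable zone line: {line!r}")
        name, rtype = fields[0].lower(), fields[3].upper()
        rdata = " ".join(fields[4:])
        records[(name, rtype)].add(rdata)
    return records


def diff_zones(baseline, snapshot):
    """Return (name, type, 'unexpected'|'missing', rdata) tuples, sorted."""
    findings = []
    for key in sorted(set(baseline) | set(snapshot)):
        expected = baseline.get(key, set())
        observed = snapshot.get(key, set())
        for rdata in sorted(observed - expected):
            findings.append((key[0], key[1], "unexpected", rdata))
        for rdata in sorted(expected - observed):
            findings.append((key[0], key[1], "missing", rdata))
    return findings


def check_constructed_zones():
    """Run the diff over the inline sample data."""
    return diff_zones(parse_zone(BASELINE), parse_zone(SNAPSHOT))


if __name__ == "__main__":
    for name, rtype, kind, rdata in check_constructed_zones():
        print(f"{kind:10s} {rtype:3s} {name:24s} {rdata}")
```

Run on the sample data it reports the mail host's old address as missing, its new address as unexpected, and the unapproved `vpn` record as unexpected; a clean zone yields an empty list, which is the condition a scheduled job should alert on when it stops holding. Pairing this with a certificate-transparency log monitor for the same names would catch the second half of the attack Krebs describes, the certificate issued to the attacker while the record was redirected.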