The Department of Homeland Security has so far found no evidence that U.S. federal Domain Name System servers have been compromised by a global DNS hijacking campaign, FCW reported Friday.
Jeanette Manfra, an official with the Cybersecurity and Infrastructure Security Agency, told FCW in an interview that, based on preliminary forensic analysis, there are no indications that attackers have managed to alter the DNS records for U.S. federal domains.
The DNS hijacking operation was initially reported by Talos, Cisco’s cyber threat intelligence division, in November of 2018. In response to the same threat, the DHS in January sent out an emergency directive instructing federal agencies to immediately secure their DNS servers and ascertain the integrity of their DNS records.
DNS helps translate human-readable domain names into Internet Protocol addresses, which computers or mobile devices need to locate information online. Through DNS hijacking, attackers falsify DNS records, causing users to be redirected to fraudulent IP addresses where information can then be intercepted or manipulated.
Ars Technica reports that the hijacking campaign has affected numerous private companies and governments around the world.