Hackers Breached Greece’s Top-Level Domain Registrar

State-sponsored hackers have breached ICS-Forth, the organization that manages Greece’s country-code top-level domains, .gr and .el. From a report: ICS-Forth, which stands for the Institute of Computer Science of the Foundation for Research and Technology, publicly admitted to the security incident in emails it sent to domain owners on April 19. The hackers behind the breach are the same group detailed in a Cisco Talos report from April, which the company named Sea Turtle. The group uses a relatively novel approach to hacking targets. Instead of targeting victims directly, they breach or gain access to accounts at domain registrars and managed DNS providers, where they make modifications to a company’s DNS settings. By modifying DNS records for internal servers, they redirect traffic meant for a company’s legitimate apps or webmail services to clone servers where they carry out man-in-the-middle attacks and intercept login credentials.
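
As an added example (not from the report or from Cisco Talos), one way a defender could catch the record changes described above is to compare what resolvers return against a baseline kept out of band. The host names, address ranges and the `find_drift` helper are assumptions constructed for illustration.

```python
import ipaddress

# Known-good state, recorded out of band (constructed values; documentation ranges).
BASELINE = {
    "corp.example": {"NS": {"ns1.dns-host.example", "ns2.dns-host.example"}},
    "webmail.corp.example": {"A": ["192.0.2.0/24"]},
    "vpn.corp.example": {"A": ["192.0.2.0/24", "198.51.100.0/25"]},
}

# What resolvers currently return (constructed sample, as a monitor would collect it).
OBSERVED = [
    ("corp.example", "NS", "ns1.dns-host.example"),
    ("corp.example", "NS", "ns1.other-host.example"),
    ("webmail.corp.example", "A", "203.0.113.45"),
    ("vpn.corp.example", "A", "198.51.100.10"),
    ("intranet.corp.example", "A", "192.0.2.77"),
]


def normalise(name):
    """DNS names are case-insensitive and may carry a trailing dot."""
    return name.rstrip(".").lower()


def find_drift(baseline, observed):
    """Return (name, rtype, value, reason) for each record that departs from baseline."""
    findings = []
    for name, rtype, value in observed:
        name = normalise(name)
        expected = baseline.get(name, {}).get(rtype)
        if expected is None:
            # A record nobody registered in the baseline is itself worth a look.
            findings.append((name, rtype, value, "no baseline for this record"))
        elif rtype == "NS":
            if normalise(value) not in expected:
                findings.append((name, rtype, value, "unexpected name server"))
        elif rtype == "A":
            addr = ipaddress.ip_address(value)
            nets = [ipaddress.ip_network(n) for n in expected]
            if not any(addr in net for net in nets):
                findings.append((name, rtype, value, "address outside expected networks"))
    return findings


if __name__ == "__main__":
    for finding in find_drift(BASELINE, OBSERVED):
        print(*finding, sep="\t")
```

Because the changes described here are made at the registrar or DNS provider, the observations should come from resolvers outside the organisation's own network, and the baseline should not be stored in the same account that controls the zone.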