The email seemed the largest Brazilian telecommunications company coming and contained a link to a website. This website was abuse of cross-site request forgery (CSRF) vulnerabilities in the UTStarcom- and TP-Link routers from the telco. The CRSF attack tried to log into different default passwords and administrator names on the router. In case the attack was successful, the DNS servers from the router were changed.
The Domain Name System (DNS) is similar to the directory and translates among other domain names into IP addresses. The DNS hijacking an attacker can manipulate the movement of users and intercept sensitive data. Example, if users want them to be redirected to another page to their banking site. During the attack on Brazilian users to security firm Proofpoint , the campaign found out, not knowing what was done using the custom DNS servers.
No comments:
Post a Comment