The wave of domain hijacking attacks besetting the Internet over the past few months is worse than previously thought, according to a new report that says state-sponsored actors have continued to brazenly target key infrastructure despite growing awareness of the operation.
The report was published Wednesday by Cisco’s Talos security group. It indicates that three weeks ago, the highjacking campaign targeted the domain of Sweden-based consulting firm Cafax. Cafax’s only listed consultant is Lars-Johan Liman, who is a senior systems specialist at Netnod, a Swedish DNS provider. Netnod is also the operator of i.root, one of the Internet’s foundational 13 DNS root servers. Liman is listed as being responsible for the i-root. As KrebsOnSecurity reported previously, Netnod domains were hijacked in December and January in a campaign aimed at capturing credentials. The Cisco report assessed with high confidence that Cafax was target