New BolehVPN Android Client with Lollipop Support
April 9, 2015
New UK servers!
April 15, 2015
Show all

MYNiC registry possibly compromised

It seems that some Malaysian sites (Prominently, google.com.my and yahoo.com.my) have been the victims of a DNS attack. Accessing those sites now redirects to a temporary site with a defaced page.

The group behind this claims to be a Bangladeshi hacker group. This attack is remarkably similar to the one done 2 years ago, ostensibly by the same group and targeting the same sites.

We’ve tried accessing the websites using different DNS (TM’s, Google’s, and DNSWatch) and have been redirected to the defaced page each time. This indicates the attack was on the MYNiC registry, just like the last time, and Google / TM merely updated their records based off the MYNiC registry. All domains on the .MY suffix should be considered as at risk for now.

We will keep this updated as new info comes in.

Leave a Reply

Your email address will not be published. Required fields are marked *