TiGER-M@TE hacked Malwai Google, Yahoo, MSN, Windows

TiGER-M@TE and h311 c0d3 strike again with DNS poisoning attack by targetting Malwai top tech organizations domains Google, Yahoo, MSN, Windows, Kaspersky and others.

Deface Page:

Famous Bangladeshi hacker TiGER-M@TE known for his big defacements strikes again! This time he teams up with another hacker 'h311 c0d3' for another big defacement campaign.The hacker managed to hack into Malawi (.mw) Domain Registrar website and also target Master and Slave DNS servers.

The attackers changed the authoritative DNS records for the affected domains, to point the domain names to their own web server with a deface page hosted on it.

It’s not clear how this attack was carried out, but it may have involved compromising the system operated by the Moroccan Top Level Domain Registrar (MaTLD).

Hackers are continuously attacking on domain registrars of a country and redirect domains to a hosted deface page. We have reported about these kind of DNS attacks. Pakbugs also hijack domains with the same DNS attack of different countries by hacking Uganda, Morocco and Pakistani NIC. 

Hacked Domains with Mirrors by TiGER-M@TE:

http://msn.mw
http://www.zone-h.com/mirror/id/19294618

http://www.google.co.mw
http://www.zone-h.com/mirror/id/19294503

http://www.google.mw
http://www.zone-h.com/mirror/id/19294486

http://fanta.mw
http://www.zone-h.com/mirror/id/19294032

http://yahoo.mw
http://www.zone-h.com/mirror/id/19293896



Hacked Domains with Mirrors by h311 c0d3:

http://gmail.com.mw
http://www.zone-h.com/mirror/id/19295499

http://www.google.com.mw
http://www.zone-h.com/mirror/id/19293364

http://kaspersky.mw
http://www.zone-h.com/mirror/id/19294931

http://windows.mw
http://www.zone-h.com/mirror/id/19294984

http://images.google.com.mw
http://www.zone-h.com/mirror/id/19293263

http://translate.google.com.mw
http://www.zone-h.com/mirror/id/19293526

http://msn.com.mw
http://www.zone-h.com/mirror/id/19293527

What is DNS poisoning?

DNS is the system that converts website names into an IP address of the server hosting the website. A DNS poisoning attack tampers the valid list with fake records causing domain names to resolve to incorrect IP addresses.

Why deface one website, when you can just hack the server that holds the IP address to the victim’s site? So, if you can hack the Domain Name System registrar that holds the records for an entire country, you can change any of the servers that you like to point to any website that you want.

These attacks can be much worse, if the hacktivists are a more malicious group. Like Nation State hackers, for example, who want to infect groups of systems from a target nation. Or gather pertinent credentials from users who think they are on a legitimate website, and not a spoofed one reached via Domain Name System manipulation. Imagine, how many accounts can be compromised if the websites are redirected to a Phishing page, instead of a defaced page.


At the time of reporting, Domain Registrar fix the DNS server records and all affected domains are pointed back to original servers.