Earlier this year, a threat group referred to as Sea Turtle hacked into the systems of ICS-Forth, the firm that manages Greece's country-code top-level domains, namely .gr and .el.
Sea Turtle goes after domain registrars and managed DNS providers because this allows the group to target third-party organizations by modifying their DNS settings. Meddling with DNS settings lets the attackers redirect traffic intended for company services, making it possible to carry out man-in-the-middle attacks and intercept sensitive information, including account credentials. Because many companies do not monitor changes in DNS settings, attacks of this kind are rarely detected.
While FireEye has identified Sea Turtle as an Iranian state-backed group, CrowdStrike and Cisco Talos have so far refrained from drawing conclusions about the identities and affiliations of the hackers.
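The monitoring gap described above can be closed by comparing the DNS records an organization currently resolves against an approved baseline. The following is an added example, not part of the original article: the domain names, address ranges, and record snapshots are constructed, and it assumes the snapshots are gathered elsewhere (for instance from scheduled resolver queries or a DNS provider export).

```python
"""Added example: flag DNS record drift against an approved baseline."""
import ipaddress

# Constructed sample data (example.com and documentation IP ranges; not from the article).
APPROVED_NETS = [ipaddress.ip_network("192.0.2.0/24")]
BASELINE = {
    ("example.com", "NS"): {"ns1.example.net", "ns2.example.net"},
    ("mail.example.com", "A"): {"192.0.2.10"},
    ("vpn.example.com", "A"): {"192.0.2.20"},
}
OBSERVED = {
    ("example.com", "NS"): {"ns1.example.net", "ns2.example.net"},
    ("mail.example.com", "A"): {"203.0.113.66"},  # moved outside the approved range
    ("vpn.example.com", "A"): {"192.0.2.21"},     # changed, but still in range
}

def _in_approved(value):
    """True if value is an IP address inside one of the approved networks."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return False
    return any(addr in net for net in APPROVED_NETS)

def diff_records(baseline, observed):
    """Return a list of (severity, name, rtype, added, removed) findings."""
    findings = []
    for key in sorted(set(baseline) | set(observed)):
        name, rtype = key
        old, new = baseline.get(key, set()), observed.get(key, set())
        added, removed = new - old, old - new
        if not added and not removed:
            continue
        if rtype == "NS":
            severity = "critical"  # a delegation change redirects the whole zone
        elif rtype in ("A", "AAAA") and any(not _in_approved(v) for v in added):
            severity = "high"      # service now resolves to an unapproved address
        else:
            severity = "review"    # in expected bounds; confirm against a change ticket
        findings.append((severity, name, rtype, sorted(added), sorted(removed)))
    return findings

if __name__ == "__main__":
    for finding in diff_records(BASELINE, OBSERVED):
        print(*finding)
```
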