Yesterday, Google Malaysia's domains were apparently hacked by a group named “Team Madleets”. The Hacker Post website had already forecast that it could be a DNS poisoning attack. Google domains in various countries have been hit by DNS poisoning in the past.
Two Google Malaysia domains were affected by the attack and were offline for several hours as of late Thursday afternoon. The affected domains were www.google.com.my and www.google.my.
How did the hackers manage to hijack Google?
Both of Google's Malaysian domains were affected by the DNS poisoning attack: the hackers managed to access MYNIC (Malaysia Network Information Centre) to change the DNS records for the domains and pointed them to the madleets name servers.
Name servers for the domains while they were affected:
- Primary Name Server: b0x4.madleets.com
- Secondary Name Server: b0x3.madleets.com
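A defender can catch this kind of name-server change by comparing a zone's observed NS records against a known-good baseline. The sketch below is an added example, not code from the original post or from MYNIC or Google; the dig-style sample lines, the zone names google.com.my and google.my, and the ns1/ns2.google.com baseline are constructed assumptions, and only the two madleets name servers come from this page.

```python
# Constructed snapshot in dig-style "name ttl class type rdata" form.
# Only the two madleets name servers are taken from the page; the zones'
# baseline (ns1/ns2.google.com) is an assumed known-good delegation.
SAMPLE_ANSWERS = """\
; constructed sample, not a real capture
google.my.       300 IN NS b0x4.madleets.com.
google.my.       300 IN NS B0X3.MADLEETS.COM.
google.com.my.   300 IN NS ns1.google.com.
google.com.my.   300 IN NS ns2.google.com.
google.com.my.   300 IN A  192.0.2.10
"""

BASELINE = {  # assumed expected delegation per zone
    "google.com.my": {"ns1.google.com", "ns2.google.com"},
    "google.my": {"ns1.google.com", "ns2.google.com"},
}

def norm(name):
    """Lowercase and drop the trailing root dot so comparisons are stable."""
    return name.strip().lower().rstrip(".")

def parse_ns(text):
    """Return {zone: set(name servers)} from dig-style lines, NS records only."""
    observed = {}
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop ';' comments
        if len(fields) == 5 and fields[2].upper() == "IN" and fields[3].upper() == "NS":
            observed.setdefault(norm(fields[0]), set()).add(norm(fields[4]))
    return observed

def delegation_drift(observed, baseline):
    """Compare observed NS sets to the baseline; report only zones that differ."""
    findings = {}
    for zone, expected in baseline.items():
        seen = observed.get(zone, set())
        unexpected, missing = seen - expected, expected - seen
        if unexpected or missing:
            findings[zone] = {"unexpected": sorted(unexpected), "missing": sorted(missing)}
    return findings

if __name__ == "__main__":
    for zone, f in delegation_drift(parse_ns(SAMPLE_ANSWERS), BASELINE).items():
        print(f"ALERT {zone}: unexpected={f['unexpected']} missing={f['missing']}")
```

In practice the observed records would come from querying the parent zone's servers directly, since a recursive resolver may still hold the old delegation in its cache.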
Hackers wrote on the defaced page:
“Struck by 1337! Google Malaysia STAMPED by PAKISTANI LEETS! We are TeaM MADLEETS! Pakistan Zindabad”
After the attack, MYNIC issued a statement confirming it. They wrote:
“We can confirm there was unauthorised redirection of www.google.com.my and www.google.my to another IP address by a group which called themselves TeaM MADLEETS.
The problem was alerted in the early morning and MYNIC Computer Security Incident Response Team (CSIRT) immediately started to resolve the issue. The domain name www.google.com.my has been restored to their correct information at 7.10 am today and www.google.my is still resolving.”