State-sponsored hackers have breached ICS-Forth, the organization that manages Greece's country-code top-level domains, .gr and .el.
The hackers behind the breach were the same group detailed in a Cisco Talos report, which the company named Sea Turtle.
The group uses a relatively novel approach to hacking targets.
Instead of targeting victims directly, they breach or gain access to accounts at domain registrars and managed DNS providers, where they make modifications to a company's DNS settings.
Unfortunately, this time around, the Talos team doesn't have any details of what the hackers did on ICS-Forth's network after they gained access to its systems.
Source: https://www.zdnet.com/article/hackers-breached-greeces-top-level-domain-registrar/
TPRM report: https://scoringcyber.rankiteo.com/company/icsforth
"id": "ics11427323",
"linkid": "icsforth",
"type": "Breach",
"date": "07/2019",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Technology',
'location': 'Greece',
'name': 'ICS-Forth',
'type': 'Organization'}],
'attack_vector': 'DNS Hijacking',
'description': 'State-sponsored hackers have breached ICS-Forth, the '
"organization that manages Greece's top-level domain country "
'codes of .gr and .el. The hackers behind the breach were the '
'same group detailed in a Cisco Talos report, which the '
'company named Sea Turtle. The group uses a relatively novel '
'approach to hacking targets. Instead of targeting victims '
'directly, they breach or gain access to accounts at domain '
'registrars and managed DNS providers where they make '
"modifications to a company's DNS settings. Unfortunately, "
"this time around, the Talos team doesn't have any details of "
"what the hackers did on ICS-Forth's network after they gained "
'access to its systems.',
'initial_access_broker': {'entry_point': 'Domain registrars and managed DNS '
'providers'},
'references': [{'source': 'Cisco Talos report'}],
'threat_actor': 'Sea Turtle',
'title': 'State-sponsored hackers breach ICS-Forth',
'type': 'Hacking'}