Security News > 2021 > January > Expired Domain Allowed Researcher to Hijack Country's TLD
A researcher claimed last week that he managed to take control of the country code top-level domain for the Democratic Republic of Congo after an important domain name was left to expire.
Fredrik Almroth, founder and researcher at web security company Detectify, decided to analyze the name server records used by all TLDs. These NS records specify the servers for a DNS zone.
Cd TLD belonged to South African Internet eXchange, which kept the TLD operational.
Gaining control over the scpt-network.com domain could have still allowed a malicious actor to hijack half of the DNS traffic for.
The researcher noted that a threat actor could have redirected DNS traffic from legitimate sites to phishing or other malicious websites, they could have passively intercepted DNS traffic for surveillance purposes or data exfiltration, or they could have used it for fast fluxing, to hide malicious websites.
"This vulnerability affects more than a single website, subdomain, or even a single apex domain. All.cd websites, including those for major international companies, financial institutions, and other organizations that have a.cd domain in Africa's second most populous country could have fallen victim to abuse, including phishing, MITM, or DDoS.".