Icann Spear Phishing Attack Strikes at the Heart of the Internet
http://www.infosecurity-magazine.com/news/icann-spear-phishing-attack/
Hackers have struck at the heart of the net with a spear phishing attack on Icann employees which gave them access to a key administrative database and other digital assets, the internet oversight body has revealed.
In a note earlier this week, Icann admitted that the attack in late November involved email messages crafted to appear as if they came from the organizations domain.
This enabled attackers to compromise Icann staff email credentials which then gave them access to other systems, most notably the Centralized Zone Data System (CZDS).
Icann explained:
The attacker obtained administrative access to all files in the CZDS. This included copies of the zone files in the system, as well as information entered by users such as name, postal address, email address, fax and telephone numbers, username, and password. Although the passwords were stored as salted cryptographic hashes, we have deactivated all CZDS passwords as a precaution.