ICANN hit by spear phishing attack, employee credentials compromised

Oops! ICANN employees fall for spear phishing attack, with some employee credentials hit

By: Michael Hatamoto | Hacking & Security News | Posted: Dec 18, 2014 7:26 am

Comment | Email to a Friend | Font Size: A A

ICANN employees have fallen victim to a suspected spear phishing cyberattack that began in late November 2014, the group confirmed in a blog post. The social engineering attack mimicked emails that closely resembled communications from its own domain and targeted ICANN employees. Unfortunately, the attack was successful and several ICANN staff members had their credentials compromised.

icann-hit-spear-phishing-attack-employee-credentials-compromised_01

The compromised credentials were used to access ICANN's Centralized Zone Data System, providing criminals with access to names, postal addresses, email addresses, fax and phone numbers, usernames and passwords. The breach also hits the ICANN GAC Wiki, with only public information accessible to the cybercriminals.

Earlier in the year, ICANN boosted its cybersecurity, which the group said likely helped keep unauthorized access to a minimum from this attack.

NEWS SOURCES:Csoonline.com, Cdn2.pcpro.co.uk