Russia-affiliated criminals use Sitting Duck technique to bag 30,000 domains

Russia-affiliated criminals are using a technique called Sitting Ducks to snag an estimated 30,000 domains by exploiting weak DNS services.


Since 2019, Russian-affiliated hackers have hijacked an estimated 30,000 domains, with the cybercriminals exploiting a flaw in DNS.


The vulnerability was detailed by security researcher Matt Bryant in 2016, who looked at how the vulnerability led to the hijacking of 120,000 domains. The same problem reared its head again in 2019 with GoDaddy, an internet domain registry, domain registrar, and web hosting company. The 2019 issue led to sextortion attempts and bomb threats.

The technique being used is called Sitting Ducks. It essentially exploits gaps in administrative privileges, enabling cybercriminals to alter domain records without any validation from the owner. Unfortunately, the hijacked domain isn't just damaging for the owner of the domain but also for any visitor to that domain, as hijacked domains are commonly used for phishing, scams, spam, and other illegal activity.

Sitting Ducks Technique

  1. A registered domain, or subdomain of a registered domain, uses the authoritative DNS services of a different provider than the domain registrar; this is called name server delegation.
  2. A domain is registered with one authoritative DNS provider, and either the domain or a subdomain is configured to use a different DNS provider for authoritative name service.
  3. The name server delegation is lame, meaning that the authoritative name server does not have information about the domain and therefore cannot resolve queries or subdomains.
  4. The DNS provider is exploitable, meaning that the attacker can claim ownership of the domain at the delegated authoritative DNS provider while not having access to the valid owner's account at the domain registrar.
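
Domain owners can test their own delegations for condition 3 (lame delegation) by asking each delegated name server for the zone's SOA record and checking whether the reply is authoritative. The following is an added example, not code from the article or the researchers it cites; the function names and the `ns*.dns-provider.example` hosts are hypothetical, and the sample responses are constructed rather than captured.

```python
import socket
import struct

RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_soa_query(domain, txid=0x1234):
    """Encode a non-recursive (RD=0) SOA query in DNS wire format."""
    labels = domain.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x0000, 1, 0, 0, 0)
    return header + qname + struct.pack("!HH", 6, 1)  # QTYPE=SOA, QCLASS=IN

def classify_response(packet):
    """Classify a raw DNS response; None means the server never answered."""
    if packet is None or len(packet) < 12:
        return "lame: no usable response"
    _, flags, _, ancount, _, _ = struct.unpack("!HHHHHH", packet[:12])
    rcode, aa = flags & 0x000F, bool(flags & 0x0400)
    # A healthy delegation answers NOERROR with the AA bit set and an SOA answer.
    if rcode == 0 and aa and ancount > 0:
        return "authoritative"
    return "lame: rcode=%s aa=%d answers=%d" % (RCODES.get(rcode, rcode), aa, ancount)

def query_nameserver(ip, domain, timeout=3.0):
    """Live helper: send the SOA query over UDP to one delegated name server."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_soa_query(domain), (ip, 53))
            return s.recvfrom(4096)[0]
        except OSError:  # timeout or unreachable: treated as no response
            return None

def audit_delegation(responses):
    """Map each delegated name server to a verdict and list the lame ones."""
    verdicts = {ns: classify_response(pkt) for ns, pkt in responses.items()}
    lame = sorted(ns for ns, v in verdicts.items() if v.startswith("lame"))
    return verdicts, lame

# Constructed sample responses (header plus echoed question only), not real traffic.
_question = build_soa_query("example.com")[12:]
SAMPLE = {
    "ns1.dns-provider.example": struct.pack("!HHHHHH", 0x1234, 0x8400, 1, 1, 0, 0) + _question,
    "ns2.dns-provider.example": struct.pack("!HHHHHH", 0x1234, 0x8005, 1, 0, 0, 0) + _question,
    "ns3.dns-provider.example": None,  # timed out
}

if __name__ == "__main__":
    for ns, verdict in sorted(audit_delegation(SAMPLE)[0].items()):
        print(ns, "->", verdict)
```

A domain whose delegated name servers all come back lame, at a DNS provider other than the registrar, matches the conditions in the list above and should have its delegation corrected or removed.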
