Last week, a number of high-profile Romanian websites – including Google.ro and Yahoo.ro – redirected their visitors to a defacement page set up by an Algerian hacker. After concluding that this was a case of DNS poisoning, experts revealed that this was most likely the result of a breach that affected RoTLD.
RoTLD, the handler of Romania’s top level domains, has been quiet about the incident until yesterday, when it came forward with a statement. According to
the company’s representatives, the attack against their .ro domain administration server took place on the night between November 27 and 28.
They reveal that the attackers modified the name servers of several popular domains to redirect their visitors to an arbitrary webpage. Immediate measures have been taken to prevent future incidents.
The security breach is currently being investigated. The investigation’s results will be made public in the upcoming days.
RoTLD claims that DNS servers haven’t been affected and that no financial information is stored on the affected machines.