The Algerian hackers that have breached RoTLD are behind the attack
Algerian hackers of the MCA-CRB collective have managed to breach the systems of the Naming and Registration Authority of San Marino (nic.sm) and the Kyrgyzstan domain registration service (nic.kg).After breaching the sites, the hackers gained access to the DNS records of several high-profile sites and made them redirect visitors to their own defacement page, Cyber News reports.
The affected sites include Google San Marino (google.sm), Google Kyrgyzstan (google.com.kg), Microsoft Kyrgyzstan (Microsoft.kg), Facebook San Marino (facebook.sm), YouTube San Marino (youtube.sm) and Yahoo San Marino (yahoo.sm).
It’s worth noting that none of the sites were actually breached, but the fact that they penetrated the registrars allowed the hackers to redirect their visitors to an arbitrary website.
At the time of writing, the sites were restored.
Another thing worth mentioning is that MCA-CRB is the same hacker collective that breached RoTLD, the organization responsible for handling .ro top-level domains.
Over the past few months, numerous hacker groups have turned to DNS poisoning to make it appear as if high-profile websites have been defaced. Other NICs compromised recently are the ones of Malawi, Saint Helena, Morocco, Turkmenistan and Pakistan.