The attackers leveraged an SQL Injection vulnerability to hack the TLD administrator
Users from Turkmenistan who have attempted to access websites such as YouTube.tm, Gmail.tm, MSDN.tm, Intel.tm, Xbox.tm, Orkut.tm or Google.tm over the past few hours have been greeted with a defacement message posted by hackers. Cyber News reports that this is the work of Iranian hackers.
The sites themselves have not been breached. For all we know, many of the domains might not even be actively used.
The hackers have actually penetrated the systems of nic.tm, the administrator of the .TM top-level domain.
The attackers claim they’ve identified an SQL Injection vulnerability in nic.tm, which has allowed them to steal and leak all the user credentials stored in the company's databases.
Besides leaking the data, the hackers have also gained access to the DNS records held by the registry. By altering them, they've been able to redirect visitors of the aforementioned websites to their own domain, without touching the sites themselves.
Over the past few months, we’ve witnessed similar cases of DNS poisoning in Morocco, Romania, Pakistan and Israel.