A mysterious group of hacktivists has poisoned the DNS records of several Sri Lankans (.lk) websites on Saturday and redirected users to a web page detailing various social issues impacting the local population.
While most of the affected domains were websites for local businesses and news sites, two high-profile domains for Google.lk and Oracle.lk, were also impacted, readers told ZDNet on Saturday.
The following message was displayed on Google.lk for a few hours before authorities intervened. The message highlights issues with the local tea-growing industry, freedom of the press, the alleged corrupt political class and judicial system, and racial, minority, and religious issues.
Image: ZDNet
This attack took place on Saturday, February 6, just two days after Sri Lanka’s official national independence day, on February 4, which explains the nationalistic message.
NIC.lk, the administrator of the country’s national LK top-level domain space, confirmed the attack on Saturday in a message posted on its website.
“An issue with the .LK Domain Registration System arose early in the morning of Saturday, February 6th, which affected a few domains registered in .LK,” the organization said. “This issue was attended to expeditiously, and the matter was resolved by approx. 8.30 a.m.”
The Telecommunications Regulatory Commission of Sri Lanka also confirmed the incident in a tweet on its account.
With certain .lk domains currently being affected by a malicious redirection, the LK Domain registry is in the process of resolving the issue with TRC & CERT assisting. please contact https://t.co/73gFq0Qc0U on 0114216061 hotline to report any issue and for support #publicalert
— TRCSL (@TRCSL) February 6, 2021
Details about the attack and the number of impacted domains have not been made public. A NIC.lk spokesperson did not respond to a request for comment sent by ZDNet on Sunday.
The attack didn’t go unnoticed in Sri Lanka, and several users tweeted about it over the weekend, even if the incident was active for only a few hours.
Users in #SriLanka hv complained that https://t.co/bFifSYuMZa domain is being redirected to a site which highlights issues faced by teaworkers in #lka. Expert @aselawaid tweeted this appears to be a major domain level hijack which seems to be redirected to a propaganda page.
— Jamila Husain (@Jamz5251) February 6, 2021
This is the second cyber-security-related incident that impacts the NIC.lk organization. In 2013, hackers used an SQL injection attack to breach its database and steal data about .lk domain owners.