Last week, the Department of Homeland Security (DHS) released an Emergency Directive regarding an ongoing investigation into a series of incidents involving DNS traffic tampering that have impacted multiple executive branch agency domains. After compromising an account that can make DNS changes, a hacker can redirect traffic to an address they control, manipulate and inspect the data, and obtain valid encryption certificates to decrypt user data. All federal agencies are required to comply with the actions DHS has outlined in this directive to mitigate this threat.
The SecuLore team is concerned that state and local governments could also be targeted with these techniques. We encourage you to read the full DHS directive and complete the same steps they have recommended for your own agencies as a precautionary measure:
Action One: Audit DNS Records
Action Two: Change DNS Account Passwords
Action Three: Add Multi-Factor Authentication to DNS Accounts
Action Four: Monitor Certificate Transparency Logs
You can read the full DHS Emergency Directive here.
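Action One and Action Four both come down to comparing what DNS and the public certificate logs currently say about your domains against a baseline you control, and raising a ticket on every difference. The script below is an added example, not code from the SecuLore post or from the DHS directive. The domain names, addresses, issuer strings and certificate-transparency entries are constructed sample data; the CT entries reuse the field names of the JSON that crt.sh returns (an assumption that you would pull from there), and the offline resolver stands in for a real one.

```python
"""Baseline checks for Action One (audit DNS records) and Action Four
(monitor certificate transparency logs).

Added example, not code from the SecuLore post or the DHS directive.
Domain names, record values, issuer strings and CT entries below are
constructed sample data; the CT entries copy the field names of the
JSON that crt.sh returns (assumption that the reader pulls from there).
"""
import json
from typing import Callable, Dict, List, Set, Tuple

RecordKey = Tuple[str, str]             # (owner name, record type)
Resolver = Callable[[str, str], Set[str]]

# Records the agency intends to publish.  Keep this file under version
# control (assumption); never regenerate it from a live query, or a
# hijacked zone would simply rewrite its own baseline.
DNS_BASELINE: Dict[RecordKey, Set[str]] = {
    ("www.example-agency.gov", "A"): {"192.0.2.10"},
    ("mail.example-agency.gov", "A"): {"192.0.2.20"},
    ("example-agency.gov", "NS"): {"ns1.example-agency.gov.", "ns2.example-agency.gov."},
}

# Certificate issuers the agency actually uses (constructed).  A valid
# certificate for one of our names from any other issuer is exactly the
# signal the directive tells agencies to watch for.
EXPECTED_ISSUERS: Set[str] = {"C=US, O=Example CA, CN=Example CA Intermediate R1"}
OWNED_ZONES: Tuple[str, ...] = ("example-agency.gov",)


def audit_dns(baseline: Dict[RecordKey, Set[str]], resolve: Resolver) -> List[dict]:
    """Return one finding per record whose live answer differs from the baseline."""
    findings = []
    for (name, rtype), expected in baseline.items():
        try:
            observed = resolve(name, rtype)
        except OSError as exc:          # a failed lookup is itself worth a ticket
            findings.append({"name": name, "type": rtype,
                             "issue": "lookup failed", "detail": str(exc)})
            continue
        if observed != expected:
            findings.append({"name": name, "type": rtype, "issue": "drift",
                             "expected": sorted(expected), "observed": sorted(observed)})
    return findings


def is_owned(name: str, zones: Tuple[str, ...]) -> bool:
    """True if name is one of our zones or a subdomain of one (not a bare suffix match)."""
    name = name.lower().rstrip(".")
    return any(name == z or name.endswith("." + z) for z in zones)


def audit_ct(entries: List[dict], issuers: Set[str], zones: Tuple[str, ...]) -> List[dict]:
    """Flag CT entries covering our names that were issued by an unexpected CA."""
    findings = []
    for entry in entries:
        names = {n.strip() for n in entry["name_value"].splitlines() if n.strip()}
        ours = sorted(n for n in names if is_owned(n, zones))
        if ours and entry["issuer_name"] not in issuers:
            findings.append({"id": entry["id"], "names": ours, "issuer": entry["issuer_name"],
                             "not_before": entry["not_before"], "issue": "unexpected issuer"})
    return findings


# --- constructed observations standing in for live lookups ----------------
OBSERVED: Dict[RecordKey, Set[str]] = {
    ("www.example-agency.gov", "A"): {"198.51.100.7"},    # changed: not our address
    ("mail.example-agency.gov", "A"): {"192.0.2.20"},
    ("example-agency.gov", "NS"): {"ns1.example-agency.gov.", "ns2.example-agency.gov."},
}

CT_SAMPLE_JSON = json.dumps([
    {"id": 1001, "issuer_name": "C=US, O=Example CA, CN=Example CA Intermediate R1",
     "name_value": "www.example-agency.gov\nexample-agency.gov", "not_before": "2019-01-10T00:00:00"},
    {"id": 1002, "issuer_name": "C=XX, O=Some Other CA, CN=Other CA R3",
     "name_value": "mail.example-agency.gov", "not_before": "2019-01-20T00:00:00"},
    {"id": 1003, "issuer_name": "C=XX, O=Some Other CA, CN=Other CA R3",
     "name_value": "www.unrelated.example", "not_before": "2019-01-21T00:00:00"},
])


def fake_resolver(name: str, rtype: str) -> Set[str]:
    """Offline stand-in; plug in a real resolver (e.g. dnspython) for production use."""
    return OBSERVED[(name, rtype)]


def run_sample() -> Tuple[List[dict], List[dict]]:
    dns_findings = audit_dns(DNS_BASELINE, fake_resolver)
    ct_findings = audit_ct(json.loads(CT_SAMPLE_JSON), EXPECTED_ISSUERS, OWNED_ZONES)
    return dns_findings, ct_findings


if __name__ == "__main__":
    for finding in (f for group in run_sample() for f in group):
        print(json.dumps(finding))
```

Run on the sample data it reports two findings: the A record for www.example-agency.gov now points somewhere the baseline does not know, and a certificate for mail.example-agency.gov was logged by an issuer the agency never uses. Both are the conditions the directive describes, and both are worth an alert even when the only cause turns out to be an undocumented change by your own staff. Schedule the DNS check frequently from a host that is not itself dependent on the zone under test, and pull CT entries on a fixed cadence so the baseline of known issuers stays current.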
SecuLore Support Team