Hackers hijack one of Coincheck’s domains for spear-phishing attacks

Hackers hijacked Coincheck’s domain registrar account and then changed DNS settings.

Japanese cryptocurrency exchange Coincheck says hackers took control over its account at a local domain registrar and hijacked one of its domain names, which they later used to contact some of its customers.

The exchange paused remittance operations on its platform on Tuesday while it’s investigating the incident. Other operations, such as withdrawals or deposits, have not been blocked.

According to an incident report published yesterday, the company said the initial attack took place on Sunday, May 31. The hackers gained access to Coincheck’s account at Oname.com, the company’s domain registrar provider. Oname also confirmed the incident.

While Coincheck didn’t provide any technical details about the attack, Japanese security researcher Masafumi Negishi said the hackers modified the primary DNS entry for Coincheck’s coincheck.com domain.

Coincheck uses Amazon’s managed DNS service, meaning an Amazon DNS server was handling the operation of returning the server IP address where users’ clients (browser, mobile apps, wallets) needed to connect for the coincheck.com domain.

Source : Hackers hijack one of Coincheck’s domains for spear-phishing attacks

Mots-clés : cybersécurité, sécurité informatique, protection des données, menaces cybernétiques, veille cyber, analyse de vulnérabilités, sécurité des réseaux, cyberattaques, conformité RGPD, NIS2, DORA, PCIDSS, DEVSECOPS, eSANTE, intelligence artificielle, IA en cybersécurité, apprentissage automatique, deep learning, algorithmes de sécurité, détection des anomalies, systèmes intelligents, automatisation de la sécurité, IA pour la prévention des cyberattaques.