The Romanian domain names of Google, Yahoo, Microsoft, Kaspersky Lab and other companies were hijacked on Wednesday and were redirected to a hacked server in the Netherlands.
Yesterday, Softpedia reported that an Algerian hacker using the nickname MCA-CRB has managed to deface the Romanian sites of Google (google.ro) and Yahoo! (yahoo.ro).
Analysts at the security vendor Kaspersky Lab confirmed that both domains resolved to an IP address located in the Netherlands: 18.104.22.168 (server1.joomlapartner.nl), meaning that the incidents were most probably DNS poisoning attacks.
Costin Raiu, director of the global research and analysis team at security vendor Kaspersky Lab, said that the most probable scenario for the DNS hijacking/poisoning incident was a compromise at RoTLD - The Romanian Top Level Domain Registry. RoTLD has not come out with a statement yet.
The full list of .RO domains affected by the incident were the following, according to Kaspersky:
Google admitted that for a specific period, some users visiting www.google.ro and a few other web addresses were redirected to a different website. The company said it had contacted the organization responsible for managing domain names in Romania.
Yahoo also confirmed that Yahoo.ro was inaccessible to some users in Romania.
Microsoft.ro was also impacted by a third-party DNS issue, Microsoft said.