Attack: AWS Route 53 Hijack

In late April, a complex attack was executed in the core internet infrastructure by attackers that redirected users of the website towards a phishing site.

The incident has been described as a BGP or Border Gateway Protocol “leak” that allowed the attackers to wrongly announce protocol (IP) in a space that’s owned by Amazon’s Route 53 managed DNS service. The hackers were able to hijack DNS entries after executing a BGP route hijack that redirected entire swaths of internet traffic meant for Amazon servers to systems that they controlled. Attackers acquired over $150,000 from the site because users ignored an HTTPS browser warning that stated that the site that was using a self-signed TLS certificate.

Some of the hijacked traffic was used by the internal team. Because of this discrepancy, attackers were able to point domain name resolutions from the domain to an IP address located in Russia, where they hosted their fake version of the website that logged private keys. Users who were logged into their account could have had their credentials compromised and users who had already signed in would have transmitted login information through cookies. Once the credentials had been compromised, attackers then were able to login and steal Ethereum from victims wallets. It was reported that DNS servers were hijacked at 12pm UTC on April 25th, and it appears that the redirects occurred for approximately 2 hours. The incident highlighted a well-known weaknesses in core Internet infrastructure.

Proficio Threat Intelligence Recommendations:

  • Do not input personal information into sites using self-signed TLS certifications
  • Block traffic from IP addresses geo-located in Russia

General Information – Click Here

Recent Blog Posts

Stay Ahead of Evolving Threats

Sign up for our free newsletter and receive invaluable threat notifications from our Threat Intelligence team.

By submitting this form, you agree to the Proficio Website Terms of Use and the Proficio Privacy Policy.


Experience Tomorrow’s
Security Today

Request a Demo and Experience Proficio's
Innovative Solutions in Action.

By submitting this form, you agree to the Proficio Website Terms of Use and the Proficio Privacy Policy.