On Dec. 16, Internet Corporation for Assigned Names and Numbers (ICANN) said it fell victim to a spear phishing attack that resulted in email credentials of several ICANN staff being compromised.
The incident, which occurred in late November and was discovered in early December, allowed attackers to access the Centralized Zone Data System and the ICANN GAC Wiki.
The attacker(s) were able to poke around ICANN systems and obtain administrative access to all files in the CZDS, including copies of the zone files in the system, as well as user information such as name, postal address, email address, fax and telephone numbers, username, and password, according to the original announcement.
Fortunately, ICANN said that those compromised accounts did not have access to the IANA functions systems, which the organization says are a separate system with additional security measures that have not been breached.
IANA functions coordinate domain names with IP addresses to appropriately direct DNS requests to the appropriate server.
ICANN has a contract with U.S. Department of Commerce to maintain the IANA functions on behalf of the entire Internet community.
“During and after the attack, all critical functions hosted by ICANN, including the IANA functions, remained fully operational and unaffected by the attacker’s activities,” ICANN said in an update.
“ICANN employs multiple levels of protection for its most critical services. While the attackers were able to breach the outermost layer of defenses, our on-going investigation indicates our most critical systems were not affected.”
Related: Don’t Let DNS be Your Single Point of Failure
Related: DNS Hijack – How to Avoid Being a Victim

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
More from Mike Lennon
- Check Point to Acquire SASE Security Firm Perimeter 81 for $490 Million
- Rapid7 Announces Layoffs, Office Closings Under Restructuring Plan
- Horizon3 AI Raises $40 Million to Expand Automated Pentesting Platform
- Watch Now: Cloud & Data Security Summit Sessions
- Watch on Demand: 2023 CISO Forum Sessions
- Virtual Event Today: CISO Forum 2023 – Register to Join
- Watch Now: Threat Detection and Incident Response Virtual Summit
- Registration Now Open: 2023 ICS Cybersecurity Conference | Atlanta
Latest News
- In Other News: New Analysis of Snowden Files, Yubico Goes Public, Election Hacking
- China’s Offensive Cyber Operations in Africa Support Soft Power Efforts
- Air Canada Says Employee Information Accessed in Cyberattack
- BIND Updates Patch Two High-Severity DoS Vulnerabilities
- Faster Patching Pace Validates CISA’s KEV Catalog Initiative
- SANS Survey Shows Drop in 2023 ICS/OT Security Budgets
- Apple Patches 3 Zero-Days Likely Exploited by Spyware Vendor to Hack iPhones
- New ‘Sandman’ APT Group Hitting Telcos With Rare LuaJIT Malware
