On Dec. 16, Internet Corporation for Assigned Names and Numbers (ICANN) said it fell victim to a spear phishing attack that resulted in email credentials of several ICANN staff being compromised.
The incident, which occurred in late November and was discovered in early December, allowed attackers to access the Centralized Zone Data System and the ICANN GAC Wiki.
The attacker(s) were able to poke around ICANN systems and obtain administrative access to all files in the CZDS, including copies of the zone files in the system, as well as user information such as name, postal address, email address, fax and telephone numbers, username, and password, according to the original announcement.
Fortunately, ICANN said that those compromised accounts did not have access to the IANA functions systems, which the organization says are a separate system with additional security measures that have not been breached.
IANA functions coordinate domain names with IP addresses to appropriately direct DNS requests to the appropriate server.
ICANN has a contract with U.S. Department of Commerce to maintain the IANA functions on behalf of the entire Internet community.
“During and after the attack, all critical functions hosted by ICANN, including the IANA functions, remained fully operational and unaffected by the attacker’s activities,” ICANN said in an update.
“ICANN employs multiple levels of protection for its most critical services. While the attackers were able to breach the outermost layer of defenses, our on-going investigation indicates our most critical systems were not affected.”

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
More from Mike Lennon
- ‘No Evidence’ of Cyberattack Related to FAA Outage, White House Says
- SecurityWeek to Host 2022 ICS Cybersecurity Conference October 24-27 in Atlanta
- Google Completes $5.4 Billion Acquisition of Mandiant
- Cybersecurity Firm ZeroFox Begins Trading on Nasdaq via SPAC Deal
- HUMAN Security and PerimeterX Merge on Mission to Combat Bots
- Last Call: CFP for ICS Cybersecurity Conference Closes July 15th
- Johnson Controls Acquires Tempered Networks to Shield Buildings From Cyberattacks
- Snowflake Launches Cybersecurity Workload to Find Threats Across Massive Data Sets
Latest News
- Malicious NPM, PyPI Packages Stealing User Information
- VMware Confirms Exploit Code Released for Critical vRealize Logging Vulnerabilities
- 98% of Firms Have a Supply Chain Relationship That Has Been Breached: Analysis
- Dutch, European Hospitals ‘Hit by Pro-Russian Hackers’
- Gem Security Gets $11 Million Seed Investment for Cloud Incident Response Platform
- Ransomware Leads to Nantucket Public Schools Shutdown
- Stop, Collaborate and Listen: Disrupting Cybercrime Networks Requires Private-Public Cooperation and Information Sharing
- Boxx Insurance Raises $14.4 Million in Series B Funding
