Lizard Squad Hijacks Lenovo Website, Emails

Lenovo is the latest high-profile victim of a DNS hijacking attack. Hackers managed to redirect website visitors to an arbitrary page and they intercepted emails sent to Lenovo staff.

The attack was carried out by the notorious Lizard Squad group, which targeted Google Vietnam in a similar operation earlier this week. The attackers modified DNS records in Google and Lenovo domain registrar accounts in an effort to redirect users to defacement pages. According to OpenDNS, the pages were hosted on servers at Digital Ocean’s Netherlands datacenter.

In both attacks, the hackers replaced the regular nameservers with CloudFlare IP addresses. Experts believe this was done in order to obfuscate the IP address of the destination server and to balance the traffic load to the website. CloudFlare acted quickly to restore services.

While in the case of Google Vietnam the hackers simply redirected visitors to their defacement page, the attack on Lenovo appears to be more serious. The attackers also changed mail server records allowing them to intercept messages sent to Lenovo email addresses. Lizard Squad has published screenshots of two of the intercepted emails on Twitter. The hackers said they might publish other “interesting” emails later.

In the meantime, they published what appears to be an EPP code, the authorization key that is used when transferring a domain name from one registrar to another.

“Unfortunately, Lenovo has been the victim of a cyber attack. One effect of this attack was to redirect traffic from the Lenovo website. We are also actively investigating other aspects. We are responding and have already restored certain functionality to our public facing website,” Lenovo said in an emailed statement.

“We regret any inconvenience that our users may have if they are not able to access parts of our site at this time. We are actively reviewing our network security and will take appropriate steps to bolster our site and to protect the integrity of our users’ information and experience,” the company added. “We are also working proactively with 3rd parties to address this attack and we will provide additional information as it becomes available.”

The attack on Lenovo appears to come in response to reports that the company had pre-installed risky Superfish adware on laptops. The story made headlines after researchers discovered that the Superfish application broke HTTPS browsing and allowed malicious actors to hijack users’ connections.

Lizard Squad hijacked Google Vietnam and Lenovo DNS records after breaching the systems of WebNIC, a Malaysia-based registrar. is offline at the time of writing, but Vietnam Internet Network Information Center (VNNIC) representatives told SecurityWeek earlier this week that the registrar has been working with Google to determine the cause of the breach.

“Two defacements in a single week is normally nothing, but two extremely high-profile defacements from the same registrar in the same week is a definite trend. We may see more redirections of domains that were registered with in the coming days,” Andrew Hay, director of security research at OpenDNS, told SecurityWeek.

OpenDNS believes it will likely be difficult to track down the attackers if they used a free CloudFlare account and stolen payment information to acquire hosting services from Digital Ocean.

The attack on Lenovo shows that malicious actors don’t necessarily need to gain access to an organization’s corporate servers to cause damage. OpenDNS advises website owners to change their passwords frequently and, when possible, enable domain locking to avoid such redirections.
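For domain owners who want to catch this kind of change early, the sketch below is an added example, not code from SecurityWeek or OpenDNS. It compares observed NS and MX records against a known-good baseline and lists the registrar-lock EPP statuses missing from a WHOIS response. The function names, the example.com/example.net records and the WHOIS text are constructed for illustration; in practice the observed values would come from your own resolver and WHOIS lookups.

```python
"""Added example: baseline drift check for NS/MX records plus a registrar-lock check.
All domains, records and WHOIS text below are constructed sample data."""

# EPP status codes (RFC 5731) that a registrar-side domain lock normally sets.
LOCK_STATUSES = {"clientTransferProhibited", "clientUpdateProhibited",
                 "clientDeleteProhibited"}

def normalize(records):
    """Lower-case records and strip the trailing dot so comparisons are stable."""
    return {r.strip().rstrip(".").lower() for r in records}

def record_drift(baseline, observed):
    """Return {rtype: {"added": [...], "removed": [...]}} for each changed type."""
    drift = {}
    for rtype in sorted(set(baseline) | set(observed)):
        want = normalize(baseline.get(rtype, []))
        got = normalize(observed.get(rtype, []))
        if want != got:
            drift[rtype] = {"added": sorted(got - want),
                            "removed": sorted(want - got)}
    return drift

def missing_locks(whois_text):
    """Parse 'Domain Status:' lines and list the lock statuses that are absent."""
    present = set()
    for line in whois_text.splitlines():
        key, _, value = line.partition(":")
        if key.strip().lower() == "domain status" and value.strip():
            present.add(value.split()[0])  # drop the trailing icann.org URL
    return sorted(LOCK_STATUSES - present)

# Constructed inputs: a baseline, and a lookup after nameservers and MX were swapped.
BASELINE = {"NS": ["ns1.example.com.", "ns2.example.com."],
            "MX": ["10 mail.example.com."]}
OBSERVED = {"NS": ["ada.ns.example.net.", "bob.ns.example.net."],
            "MX": ["10 mx.example.net."]}
WHOIS_TEXT = """Domain Name: EXAMPLE.COM
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
"""

if __name__ == "__main__":
    for rtype, change in record_drift(BASELINE, OBSERVED).items():
        print(f"ALERT {rtype} changed: +{change['added']} -{change['removed']}")
    print("Missing lock statuses:", missing_locks(WHOIS_TEXT))
```

An MX change deserves the same alert priority as an NS change, since in the Lenovo case it was the mail server records that exposed staff email.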

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
