French registrar Gandi admitted that DNS servers for 751 domains registered through Gandi were substituted. The details of the incident haven't been disclosed; however, Gandi spokesperson said that unknown criminals managed to get access to company's login details by hacking a network of one of its partners. The name of the partner hasn't been announced either; however, it is known that it was a technical provider that connected registrar with ccTLDs' registries.
As a result, organizers of the attack managed to change domain name servers' data for 751 domains in different ccTLDs including .AU, .CH, .JP and .SE. As a result, for approximately 11 hours traffic from these domains was redirected to malicious websites. At the moment, the problem has been eliminated; Gandi changed all login and password details, apologized to its clients and is conducting a full audit of its security systems to prevent the occurrence of such incidents in the future.
