An unknown hacker group carried out an attack on several sites in Sri Lanka’s ccTLD .LK over the weekend. The attackers used DNS cache poisoning, in which fake data replaces the IP address information of certain websites on DNS resolvers. As a result, these sites redirect users to fraudulent pages. According to media reports, the attack mainly targeted local news outlets and local companies' websites, but it also affected a number of major websites, including Google.lk and Oracle.lk.
Visitors to all these sites were directed to a page where the organizers of the attack posted political slogans. They denounced corruption in the government and the justice system, as well as social injustice in the tea-growing industry (the main branch of the country's economy) and the oppression of national and religious minorities. The attack took place just two days after Sri Lanka's Independence Day celebrations on February 4. NIC.lk, the country’s .LK registry, acknowledged the incident, but did not provide any additional details. The attack was resolved several hours later, according to ZDNet.