Domain hijacking - SparTech Software

Domain hijacking, also known as domain theft, is the act of gaining unauthorized control over a domain name without the consent of its legitimate owner. This typically involves changing the domain’s registration details, DNS records, or transferring the domain to another registrar, effectively locking out the original owner and granting the attacker full control of the domain and all its associated services.

Domain hijacking can occur through several methods, often exploiting technical vulnerabilities or human error. With Social Engineering, attackers use deception—such as phishing emails, fake phone calls, or fraudulent websites—to trick domain administrators or registrar support staff into revealing login credentials or authorizing changes to domain registration details. With Credential Compromise, attackers obtain the username and password for the domain registrar account—often through phishing, malware, or data breaches. A domain may be hijacked through Email Account Takeover since most domain registrars use email verification for account changes. Via Exploiting Registrar or DNS Vulnerabilities, attackers may exploit software vulnerabilities in the registrar’s systems or DNS infrastructure to gain unauthorized access to domain management functions. Finally, through Forged Transfers, attackers may initiate unauthorized domain transfers by impersonating the legitimate owner or exploiting weaknesses in registrar transfer procedures.

DNS hacking
Glossary: Hijacking
Hijacking in cybersecurity refers to a type of network security attack where a threat actor takes unauthorized control of computer systems, software programs, network communications, or user accounts. The attacker essentially “seizes” control, similar to how a physical hijacking involves taking over a vehicle or asset.

United States	~59% of ransomware attacks globally Thousands per year
Poland	1,000+ per week
Russia	Highest cybercrime threat level
China	Thousands per year
India	115% surge in attacks Q2 2024
Ukraine	Significant surge since 2022
Brazil	Among top countries for blocked attacks
Mexico	65% of businesses hit in 2024
Germany	High targeted rate (EU)
France	High targeted rate (EU)

AS Name	ASN
Bharat Sanchar Nigam Ltd	9829
No.31,Jin-rong Street	4134
CHINA UNICOM China169 Backbone	4837
DigitalOcean, LLC	14061
HUAWEI INTERNATIONAL PTE. LTD.	136907
Amazon.com, Inc.	14618
Alibaba (US) Technology Co., Ltd.	45102
Google LLC	396982
Amazon.com, Inc.	16509
3xK Tech GmbH	200373

IP Address	Notable Exploits/Context
104.238.159.149	SharePoint zero-day, broad exploitation
107.191.58.76	SharePoint zero-day, government targets
96.9.125.147	SharePoint, previously Ivanti exploits
139.162.47.194	Exploits on CitrixBleed 2
38.180.148.215	CitrixBleed 2 campaigns
185.224.128.17	High activity, Netherlands
89.248.163.200	High activity, Netherlands
15.235.218.150	Associated with APT, active C2
45.9.148.114	Associated with C2, malicious netflow
91.107.150.184	C2 infrastructure, recent IoC

Related