In early July 2023, JPCERT/CC confirmed a case of domain hijacking in which a domain used in Japan was unauthorizedly transferred to another registrar. This blog post describes the attack case. Attack overview Figure 1 shows the attack flow. The attacker first prepared a phishing site, which pretended to be a registrar on search site advertisements. Figure 1: the attack flow An attacker can steal account information and password (hereafter...

Read more

Happy holidays to all, this is Tetsuya from Watch and Warning Group. Today, I would like to share a recent, remarkable trend discovered through TSUBAME sensors. In TSUBAME, we have observed a significant increase in packets destined to 8080/TCP since December 5th, 2014. When accessing source IP addresses using a web browser, the admin login screen for NAS devices provided by QNAP was seen in many cases for IP addresses...

Read more

Hi there! This is Tetsuya Mizuno from Watch and Warning group. Today, I would like to introduce one of our activities: technical training through TSUBAME project. TSUBAME, headed by JPCERT/CC, is a project using a packet monitoring system which deploys sensors in multiple countries to detect wide-ranging malicious activities on the Internet (without collecting any sensitive data). The project is operated as one of the working groups of APCERT, and...

Read more