DNShijacking

DNS hijacking is a term used to describe unauthorized manipulation of the Domain Name System (DNS) to redirect a user’s traffic from legitimate internet destinations to malicious ones. This can occur at various points in the DNS chain, including the domain’s authoritative records, the DNS hosting provider, recursive resolvers, or the end-user’s device. The result is that queries are answered with incorrect IP addresses, causing users to reach attacker-controlled servers instead of the intended sites.

Attack vectors include altering domain name records at a registrar or DNS provider so that an attacker

Impact typically includes credential theft, malware distribution, phishing, data breach exposure, financial loss, and reputational damage

Defensive measures emphasize securing registrar and DNS hosting accounts, using DNSSEC to provide authenticity of DNS