Iranian hacker going with the handle ‘Mr.XHat’ defaced Tajikistan’s domain for high profile websites including, Google, Yahoo, Twitter and Amazon. The hacked website was defaced with a simple deface page shown in the screenshot below:
The websites were defaced as the result of change in DNS record of the sites. in a report published by thehackernews hacker confirmed that he managed to hack into Domain registrar of Tajikistan (domain.tr) using Traversal Vulnerability present in the website.
Screenshot showing hacker having access to the Company’s website domain information
Hacker then changed the Company’s (Google, Twitter) email from MySql Database to his own, and then proceeded with the recovery instructions sent to his email.
Using new password sent to his email, after following the password restoration mail, hacker gained access to Company’s domain Admin panel, and finally updated the DNS address, which caused the defacement of Google (google.com.tj), Twitter (twitter.tj), Yahoo (yahoo.tj) and Amazon (amazon.tj)
At the time of writing the Article, all the websites were restored, you can check on the mirror from the link provided below: