Vietnam’s No.2 webhost restores services after security breach

PA Vietnam, a Vietnam Government affiliate and the second largest hosting company in the country, saw over 10,000 websites being crippled after the provider’s .COM and .NET Top Level Domains (TLDs) were hijacked by attackers on Sunday, 27th of July. The crippled websites used the provider’s domain name servers (DNS) that were registered under the hijacked domains. 

According to VNCERT, the country’s National Computer Emergency Response Team:

“It’s believed the hackers broke in through a hole in DNS to control the administration,”
-VNCERT Technical Branch Chief -  Do Ngoc Duy Trac.

The good news is that PA Vietnam has been able to restore 90% of the websites that lost connectivity as a result of this attack by shifting to a different DNS.

This attack is definitely not related to the recent DNS vulnerability as there was a switch in domain name registrars; archived whois records for PAVietnam.com can be found here. A quick glance at the whois records and it is transferred over from Enom to OnlineNIC.

Was this really yet another DNS hole or just an insider attack? Feel free to post your views.