Thursday, May 15, 2025
HomeData BreachLeading IT Security Firm Fox-IT hit by Cyber Attack

Leading IT Security Firm Fox-IT hit by Cyber Attack

Published on

SIEM as a Service

Follow Us on Google News

Worlds Leading IT Security firm Fox-IT hitting by Man-in-the-Middle Cyber Attack and an attacker accessed the DNS records for the Fox-IT.com at their 3 rd party domain register.

This attack leads to spying some small amount of their customer’s activities and this incident has been active the total effective MitM time to 10 hours and 24 minutes.

man-in-the-middle attack is a form of eavesdropping in which an attacker intercepts and relays messages between two parties who are communicating directly with each other.

- Advertisement - Google News

In this case, Attacker has modified the Fox-IT DNS record and point out to their own server and to intercept and forward the traffic to the original server that belongs to Fox-IT.

Fox-IT client portal was the specific aim for the attacker where Fox-IT used it for an exchange of files with customers, suppliers and other organizations.

Also Read: Beware!! New Spider Ransomware Widely Spreading by using Office Documents

What Happened During this Cyber Attack

First unusual activities triggered on Sept 16, 2017, which contains a reconnaissance with Fox-IT infrastructure including port scans, vulnerability scans, and other scanning activities.

later attacker gain the access to the Fox-IT network and modified the DNS record of the fox-it.com domain.

In this case, Fox-IT believes that client portal still pointed out to Fox-IT legitimate Client portal server but attacker temporarily reroutes the attack and intercepted Fox-IT email for the specific purpose of proving that they owned Fox-IT domain in the process of fraudulently registering an SSL certificate for our ClientPortal.

Sept 19 2017, Fox-IT Experts realized that real MITM attack starts against their server. during this time the fraudulent SSL certificate for ClientPortal was in place and the IP DNS record for clientportal.fox-it.com was changed to point to a VPS provider abroad.

According to Fox-IT investigation, name servers for the fox-it.com domain had been redirected and that this change was not authorized. We changed the DNS settings back to our own name servers and changed the password to the account at our domain registrar

Later Fox-IT disables the two-factor authentication for their client portal to preventing users of ClientPortal from successfully logging in.

Also, Fox-IT kept the portal open to access for the attacker and they concern about not to disclose this activity to the attacker for taking time to investigate more.

“During the meantime of Sept 19 – Sept 20 2017, A full investigation into the incident was undertaken, along with notification of all clients that had files intercepted and the relevant authorities, including the Dutch Data Protection Authority Fox-IT said.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Coinbase Data Breach – Customers Personal Info, Government‑ID & Transaction Data Exposed

Coinbase, the largest cryptocurrency exchange in the United States, has disclosed a significant cybersecurity...

Inside Turla’s Uroboros Infrastructure and Tactics Revealed

In a nation-state cyber espionage, a recent static analysis of the Uroboros rootkit, attributed...

CISA Alerts on Five Active Zero-Day Windows Vulnerabilities Being Exploited

Cybersecurity professionals and network defenders, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has...

Intruder vs. Acunetix vs. Attaxion: Comparing Vulnerability Management Solutions

The vulnerability management market is projected to reach US$24.08 billion by 2030, with numerous...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Nucor Steel Manufacturer Halts Production After Cyberattack

Nucor Corporation, one of North America’s largest steel producers, has temporarily halted production at...

Customer Data Compromised in Dior Cyber Attack

Luxury fashion house Dior experienced a significant security incident when unauthorized external actors breached...

Marks & Spencer Confirms Customer Data Breach in Recent Cyber Attack

British retail giant Marks & Spencer has officially confirmed that customer personal data was...