CAPEC-585: DNS Domain Seizure
In this attack pattern, an adversary influences a target's web-hosting company to disable a target domain. The goal is to prevent access to the targeted service provided by that domain. It usually occurs as the result of civil or criminal legal interventions.
Overview
CAPEC-585 (DNS Domain Seizure) is a detailed-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method adversaries use, here to deny access to a service by having its domain disabled.
What the attacker needs
Prerequisites
- This attack pattern requires that the adversary has cooperation from the registrar of the target domain.
Consequences
What a successful CAPEC-585 attack can achieve.
Other
Affects: Availability
Disabling a target domain at the infrastructure level denies the availability of its service to the user.
Examples
Examples include the FBI's seizure of gambling websites, the US DOJ's seizure of child pornography websites, and Microsoft's seizure of all domains owned by the company No-IP in order to disrupt a cyberattack originating from a subset of those domains.