Cyber Incident Victim: Google

Date: Feb 2021

Location: Sri Lanka

Summary

A hacktivist group compromised multiple Sri Lankan domains by poisoning DNS records, redirecting users to a webpage highlighting social issues including press freedom, political corruption, and minority rights. The incident affected high-profile domains like Google.lk and local business or news sites, displaying a nationalistic message shortly after the country's independence celebrations. NIC.lk, the national domain administrator, resolved the issue within hours, while the Telecommunications Regulatory Commission confirmed the attack. Public awareness emerged through social media despite the brief disruption.

Description

On February 6, 2021, a hacktivist group compromised multiple Sri Lankan websites using the .lk country-code top-level domain, including high-profile domains such as Google.lk and Oracle.lk. The attackers altered DNS records to redirect visitors to a defacement page displaying a message addressing social and political grievances in Sri Lanka. This message specifically referenced concerns about the tea industry, press freedoms, alleged corruption within the political and judicial systems, and racial, religious, and minority discrimination issues. The timing coincided with Sri Lanka’s Independence Day celebrations on February 4, suggesting a symbolic motive. The attack impacted local business and news websites alongside the .lk domains of prominent international brands, though the exact number of affected domains remained undisclosed. NIC.lk, the registry managing the .lk domain space, detected the issue early that morning and initiated a response.

NIC.lk publicly acknowledged the DNS registration system compromise on its website, confirming resolution by approximately 8:30 a.m. on February 6 after several hours of disruption. The Telecommunications Regulatory Commission of Sri Lanka corroborated the incident via an official Twitter statement. No technical details regarding the attack vector or the perpetrators’ identity were released. Public awareness of the incident spread through social media, with local users documenting the temporary redirection of Google.lk and other domains before services were restored. The defacement did not involve prolonged downtime or reported data breaches, focusing instead on displaying the ideological message. NIC.lk declined to provide additional commentary when contacted by media outlets.
