Cyber Incident Victim: Google

Date: Jan 2017

Location: Brazil

Summary

Google Brazil's domain experienced a DNS hijacking attack by a hacker using the alias "Kuroi’SH," resulting in a defaced homepage displaying a message claiming responsibility and referencing additional compromises of Google Paraguay, though the latter lacked confirmation. The disruption lasted approximately 30 minutes before the company took the affected services offline, with unverified reports suggesting Google Maps and Translate Brazil domains were also targeted. The attacker stated the breach aimed to demonstrate universal vulnerability and highlight security shortcomings, while Google acknowledged the incident publicly without elaborating on causes. The individual had previously defaced NASA subdomains to promote political messages.

Description

On January 3, 2017, a hacker using the alias "Kuroi’SH" compromised Google Brazil’s primary domain (google.com.br) through DNS hijacking, rendering it inaccessible to Brazilian users. The attacker replaced the legitimate website with a defacement page containing a message claiming responsibility and taunting other hackers, specifically mentioning "Nofawkx" while dedicating the attack to associates "Prosox & Shinobi h4xor." The defaced site remained publicly visible for approximately 30 minutes before Google administrators took it offline. Unverified reports suggested concurrent breaches of Google Maps and Google Translate Brazil subdomains, though these claims lacked independent confirmation. Google acknowledged the incident via Twitter but did not disclose technical details or root causes during initial response efforts. Restoration attempts encountered difficulties, as the domain remained unavailable for an unspecified period after takedown.

The attack disrupted access to Google’s core services for Brazilian users during the outage window. Kuroi’SH later confirmed targeting Google Paraguay’s domain simultaneously but said there was insufficient time to complete its defacement. When questioned by media outlet Hack Read, the hacker asserted the breach aimed to demonstrate universal vulnerability of online systems and highlight underestimated security risks. Historical context revealed Kuroi’SH had previously defaced NASA subdomains in 2015 to display pro-Palestinian messages. No evidence suggested data theft or secondary exploitation beyond the DNS hijacking and defacement. Google’s public communications remained limited to incident acknowledgment without subsequent elaboration on remediation steps or forensic findings.
