Cyber Incident Victim: Demand Media
Date: Apr 2015
Location: United States of America
Summary
A domain registrar experienced a DNS hijacking attack in which attackers altered the name server settings for four domains, temporarily redirecting traffic to malicious destinations; there was no evidence that sensitive information or customer accounts were accessed. The breach, described by the registrar as sophisticated, was quickly mitigated with law enforcement involvement. No domains were stolen, but a related incident affected a financial institution using the registrar's services, diverting visitors to fraudulent pages designed to harvest credentials.
Description
On May 21, 2015, domain registrar eNom notified customers of a DNS hijacking attack targeting four domains under its management. Attackers altered DNS settings to redirect web traffic from legitimate domains to unauthorized destinations, though the specific domains affected were not disclosed. DNS configuration changes enabled the redirection by modifying IP address mappings for name servers, a technique that could facilitate malware distribution or credential harvesting through impersonated sites. eNom CEO Taryn Naidu characterized the incident as a "very sophisticated attack" but confirmed the hijacking lasted only briefly before mitigation. The company detected the breach rapidly, initiating containment within hours and notifying federal law enforcement. Investigations revealed no evidence of stolen domains, compromised customer accounts, or unauthorized access to sensitive information. eNom emphasized transparency by proactively informing customers despite the limited impact, though the attack date remained unspecified.

A separate but temporally proximate incident involved the St. Louis Federal Reserve, which reported on April 25, 2015, that attackers breached an unnamed DNS vendor to modify name server IP addresses, redirecting visitors to fraudulent webpages. The institution mandated password resets as a precaution. eNom served as the Federal Reserve’s domain registrar, creating circumstantial links between the two events, though no explicit confirmation of a connection existed. eNom’s disclosure did not reference the Federal Reserve incident or provide attack timelines, leaving the relationship unverified beyond overlapping disclosure dates. Both incidents demonstrated DNS hijacking risks but differed in confirmed consequences: eNom reported no data or domain loss, while the Federal Reserve implemented credential security measures. eNom’s mitigation included rapid traffic rerouting and law enforcement coordination, concluding with assurances of account and system integrity.
