Cyber Incident Victim: Oracle.lk

Date: Feb 2021

Location: Sri Lanka

Summary

A hacktivist group compromised multiple Sri Lankan domains, including Oracle.lk, by poisoning DNS records to redirect users to a webpage highlighting social grievances such as corruption, press freedom, and minority rights issues. The attack, resolved within hours by the national domain administrator NIC.lk and confirmed by telecommunications authorities, disrupted several high-profile and local business sites, though the total number of affected domains was not disclosed.

Description

On February 6, 2021, a hacktivist group compromised multiple Sri Lankan websites under the .lk country-code top-level domain by poisoning their DNS records. The attack redirected visitors to a defacement page displaying a message addressing social and political grievances in Sri Lanka, including criticisms of the tea-growing industry, press freedom restrictions, alleged political and judicial corruption, and racial, religious, and minority discrimination issues. The incident occurred two days after Sri Lanka’s national independence day on February 4, which gives context to the nationalistic tone of the message. Among the affected domains were high-profile sites such as Google.lk and Oracle.lk, alongside local business and news websites. The defacement impacted users for several hours, with social media users documenting the redirects during this period.

NIC.lk, the registry managing Sri Lanka’s .lk domain namespace, acknowledged the incident on its website, stating an issue arose in the .LK Domain Registration System early on February 6 affecting "a few domains." The organization resolved the problem by approximately 8:30 a.m. local time the same day. The Telecommunications Regulatory Commission of Sri Lanka also confirmed the attack via an official tweet. Neither entity disclosed technical specifics about the attack vector, the total number of compromised domains, or definitive attribution. NIC.lk did not respond to media inquiries seeking further details. The incident’s operational impact was limited due to its short duration, though it drew public attention through social media discussions and temporary disruptions to affected websites. No additional consequences, such as data breaches or extended downtime, were reported in the available source material.
