Gandi SAS
| Primary URL | Location | Industry |
|---|---|---|
| gandi[.]net | Country: France | Technology |
Profile
Gandi.net is a domain registrar based in France. The company provides domain name registration services to individuals and businesses seeking to establish an online presence. It also offers DNS management capabilities that allow customers to control how their domains resolve on the Internet. Gandi.net supports a wide variety of top-level domains, as demonstrated by an incident that involved 34 different TLDs. The registrar’s core business revolves around enabling customers to secure and maintain their online identities through domain ownership. Its services are accessed via an online platform that facilitates domain purchases, transfers, and configuration changes. The firm’s headquarters are located in France, anchoring its operations within the European regulatory environment.
In July 2017, Gandi.net experienced a security breach when an attacker obtained one of its backend passwords. The compromised credential allowed the intruder to make unauthorized DNS modifications for 751 customer domains. Those domains were spread across 34 top-level extensions, affecting a diverse set of customers. The altered DNS records redirected web traffic to malicious servers hosting the SCRT and RIG exploit kits. Although some redirections persisted for several hours due to DNS propagation delays, the hijacking window was relatively brief. Email services associated with the affected domains remained operational throughout the incident. Following the discovery, Gandi.net promptly invalidated all administrative credentials used for managing domain records. The registrar’s response included resetting passwords and reinforcing access controls to prevent further unauthorized changes.
