Domain Hijacking
What is Domain Hijacking?
Domain HijackingThe unauthorized takeover of control over a registered domain name at the registrar or registry level, allowing an attacker to redirect traffic, email, and trust to malicious infrastructure.
Domain hijacking happens when an attacker gains administrative control over someone else's domain — for example by compromising the registrant account, social-engineering the registrar, exploiting a registrar or registry vulnerability, or fraudulently transferring the domain to another registrar. With control of the domain, the attacker can change nameservers, DNS records, contact information, and SSL/TLS issuance, effectively impersonating the legitimate organization across web, email, and APIs. Defences include strong, MFA-protected registrar accounts, registry locks (clientTransferProhibited, clientUpdateProhibited, registry-level locks), CAA records to limit who can issue certificates, dedicated registrar contacts, monitoring of DNS and WHOIS, and incident playbooks that include the registrar's emergency processes.
● Examples
- 01
Attackers phish a domain owner's email, log into the registrar, and transfer the domain to attacker-controlled DNS to harvest credentials.
- 02
A registrar breach lets an adversary modify NS records for hundreds of customer domains.
● Frequently asked questions
What is Domain Hijacking?
The unauthorized takeover of control over a registered domain name at the registrar or registry level, allowing an attacker to redirect traffic, email, and trust to malicious infrastructure. It belongs to the Attacks & Threats category of cybersecurity.
What does Domain Hijacking mean?
The unauthorized takeover of control over a registered domain name at the registrar or registry level, allowing an attacker to redirect traffic, email, and trust to malicious infrastructure.
How do you defend against Domain Hijacking?
Defences for Domain Hijacking typically combine technical controls and operational practices, as detailed in the full definition above.