Finding Additional Indicators With a SeaTurtle Deep Dive in Passive DNS Within DomainTools Iris

released on 2020-02-07 @ 09:18:28 AM
As SeaTurtle keeps on swimming with its DNS hijacking campaign, originally reported by Talos, it becomes increasingly important to monitor and examine your domains for indications of name server compromise. While security measures such as two-factor authentication, DNSSEC, and domain locking may be great steps, the actors behind SeaTurtle have shown that they can overcome all of those by moving laterally from tertiary vendors to exfiltrate signing certificates and credentials for DNS management services. Active monitoring is key, but additional research through passive DNS can reveal past attacks or suspicious activity on endpoints in your infrastructure that you may not normally be paying attention to.