Some of the world’s biggest companies have major website security issues

Organizations' subdomains were hijacked as a result of outdated cloud DNS records

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Cybercriminals have taken over more than 240 website subdomains belonging to some of the world’s biggest brands and organizations in an effort to redirect users to malware, adult content, online gambling and other unexpected content.

As reported byThe Register, the organizations who had their subdomains hijacked include Chevron, the Red Cross, UNESCO, 3M,Arm, Warner Brothers, Honeywell, Toshiba, Xerox, NHS, Volvo, Siemens and others.

The problem is not that the websites of these businesses and organizations were hijacked but that theirDNSentries have been, due to the way they were hosted inMicrosoft’s Azure cloud.

This has been an ongoing problem for Azure-hosted sites and back in March of this year, Microsoft accidentally allowedhundreds of its own subdomainsto fall into the hands of spammers who used their reputation to try and rank higher in search results.

Hijacked subdomains

Hijacked subdomains

The list of hijacked subdomains shared withThe Registerwas created by US security researcher Zach Edwards who reported the URLs toMicrosoftas well as the affected organizations at the end of June.

According to Edwards, a large number of the subdomains on his list appear to have been taken over by a single group that has been operating for years. He provided further insight on his discovery to the news outlet, saying:

“They are used by an international criminal group who does lots of things with them. Some pages redirect to malware, some redirect to porn or casinos or other potential clients that pay them for inbound links, some direct to malicious chrome extensions, or cracked software. It’s clearly automated: they have hit tons of organizations, and uploaded tons of malware. I’ve warned a bunch of organizations that their biggest fear should be this legacy group partnering with some other group that is more destructive.”

Are you a pro? Subscribe to our newsletter

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

The group often tries to hide their presence after hijacking a subdomain by making the root URL show a 404 error or even a “coming soon message”. Edwards says that around 20 percent of the subdomains on his list have been shut down and Microsoft as well as the affected organizations are likely hard at work trying to shut down the rest.

ViaThe Register

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Sihoo Doro S100 ergonomic office chair review