Malaysia Domain Registrar, MYNIC got Hacked again?

Over the past two days, several users claimed they received an email from MYNIC but the content of the email was not domain-related. MYNIC is the sole administrator for web addresses that end with .my domain in Malaysia. It is an agency under Ministry of Communications and Multimedia Malaysia (KKMM) and is regulated by Malaysian Communication and Multimedia Commission (MCMC).

On November 3, a number of Malaysians received the following email from MYNIC:

mynic compromised
Screenshot taken from the Twitter account of @zhoulhas (https://twitter.com/zhoulhas/status/926876271711109120 )

The email message from MYNIC reads:

Hi! You got me very interested. I would really like to know you closer!
I want to communicate with you and learn about your interest, hobbies.
I hope for mutual understand and possible reciprocity.

Actually, I would like to meet and talk with an interesting and nice man!

Drop me a line domogwerika[@]rambler[dot]ru

The suspicious email also contained an attachment named “Signature.txt“.

Based on the following screenshot, MalaysiaInternet was able to verify that the email was indeed sent from the MYNIC email server. On Twitter, MYNIC appears to have confirmed that the email was sent from their email server but asked the user to “disregard” the email.

https://twitter.com/TrialUserXP/status/926368239805800448

Contents of such suspicious email is nothing new. Such spam emails are attempts by scammers to trick users into giving out personal information such bank account numbers, passwords and credit card numbers.

According to a Facebook posting on November 4 seen by MalaysiaInternet (the FB posting has since been taken down), the person claims that client details, and corporate data of the domain registrar were compromised.

MYNIC has been compromised multiple times in the past as it failed to prevent attempts that breached its Domain Name Server (DNS). In 2013, websites of Microsoft, Dell, Skype, Kapersky, MSN, Bing were affected in July, followed by another one in the same year, in October which affected Google Malaysia domains. In April 2015, unauthorised modifications were made on its Domain Name Server (DNS) for several major websites, including Google Malaysia and Yahoo Malaysia.

At the time of writing, there are 327371 active MYNIC domains that ends with .my.

MalaysiaInternet has contacted MYNIC for more information.

UPDATE (6 November, 10am): MYNIC responded to us on Twitter saying:

No, we were not compromised. It was due to misconfiguration during upgrade on email system which allowed user to send email to mailing list.

Have a comment? Type it below!