LK Domain Registry

In the early morning of Sat 6th February, we received an alert of unauthorised changes to some domain names in .lk. This was immediately investigated by our team, who determined that around 10 domain names had been modified to point to a new IP address. Access to the LK domain registration systems was restricted to prevent further damage. Once the changes were identified, our team immediately reverted the changes to their previous settings. This was completed within 90 minutes. This issue was immediately reported to our security partner, TechCERT, who started investigations together with the LK technical and the operations teams. It was identified that the changes were done remotely by accessing the Domain Registration system. TechCERT was able to identify that the incident was done by: compromising of the credentials of one system user account and bypassing of the restrictions which normally prevent the admin interface from being accessed from the Internet. There is no evidence of any other unauthorised access to our systems. We have also not found any evidence of changes to any .LK websites, or of any information being stolen from any other .LK websites. We have not found any substantial evidence that any malware had been distributed via the website pointed to by the attackers. However investigations are on-going.