# Getting to Know DNS Hijacking: How Adversaries Continue to Abuse DNS

By [Ashraf Aziz](https://www.paloaltonetworks.com/blog/author/ashraf-aziz/?ts=markdown "Posts by Ashraf Aziz") | Apr 03, 2024

Accessing a site today should be as straightforward as sending a letter to a trusted friend across the country. Imagine corrupted postal workers swapping out your heartfelt letter with something more hostile and rude. The reliable process of the postal system is often something we take for granted.
The same can be said for accessing a website. Threat actors today have made the simple act of requesting a legitimate site a major risk for organizations everywhere due to the emergence of DNS hijacking. DNS hijacking occurs when a user's DNS query is incorrectly resolved and they are redirected to an attacker's server. There are many techniques adversaries can use to carry out this attack, including:

* **DNS Spoofing** - An attacker compromises a DNS resolver and redirects users to a malicious site through the DNS response.
* **DNS Cache Poisoning** - Attackers exploit DNS vulnerabilities outside of an organization's control and inject false information into the DNS cache, allowing them to redirect a user's legitimate DNS query to a malicious site through the DNS response.
* **DNS Injection** - Attackers inject a malicious payload in a DNS response to exploit any known vulnerabilities inside an organization.
* **Compromised DNS Registrar** - Attackers compromise DNS registrar accounts, either by exploiting vulnerabilities or through unauthorized access, allowing them to redirect traffic to a malicious site.

In addition to these techniques, if your DNS is not configured correctly, attackers can take advantage of these misconfigurations to take control of a domain and gain access to a network. These include:

* **Incorrect DNS Records** - DNS records containing typos.
* **Stale DNS Records** - DNS records pointing to expired resources.
* **Non-resolvable Domains** - Hosts incorrectly configured or not configured at all due to default settings that point to non-resolvable domains.

An example of how attackers can abuse DNS responses occurred recently when a number of Dutch IT and Telecom companies were targeted by a threat actor group known as Sea Turtle.
This group compromised various DNS registrars and registries and, from as early as January 2017, redirected victims who attempted to reach a specific domain to a malicious server, where the group was then able to harvest credentials. These techniques allow an attacker to covertly shepherd unknowing users to a malicious site by manipulating DNS responses, making DNS hijacking extremely disruptive and hard to detect.

In addition to DNS hijacking, attackers are exploiting an organization's DNS misconfigurations, such as poor hygiene in managing and setting up DNS records. Attackers will continuously scan for these misconfigurations and then take ownership of a once legitimate domain. Unfortunately, this approach has become so successful because organizations rely on a slow and manual process to manage their misconfigured DNS records, giving attackers ample time to identify and take control of their domain.

For example, in recent news, a software supply chain attack called MavenGate impacted a number of public and popular libraries used in Java and Android applications. Unfortunately, these libraries were left abandoned, allowing attackers to take advantage of DNS misconfigurations and exploit vulnerabilities in domain name purchases. Attackers were able to purchase expired domains, manipulate repositories, and inject malicious code into applications or the build process, compromising the security and functionality of applications.

The industry's response to stopping DNS hijacking is simply ineffective. Traditional security vendors solely rely on a reactive approach to security and only analyze DNS responses offline using third-party tools. Alternatively, organizations today rely on a very slow and manual process to manage their misconfigured DNS records. This gives attackers ample time to take control of an organization's expired domains and use them to host their malicious content.
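
The three record misconfigurations listed earlier (incorrect, stale and non-resolvable records) can be checked automatically instead of by manual review. The Python below is an added example, not Palo Alto Networks code: the zone inventory, the allowlist, the `.test` names and the typo threshold are constructed or assumed, and the resolver is passed in so the audit can run offline.

```python
"""Flag the DNS record misconfigurations described in this post.

Added example; zone data, names and thresholds are constructed or assumed.
"""
import socket

# Constructed inventory of (record name, type, target); not real data.
ZONE = [
    ("www.example.test", "CNAME", "web.cdn-provider.test"),
    ("shop.example.test", "CNAME", "store.cdn-provlder.test"),
    ("promo.example.test", "CNAME", "campaign-2019.cloudhost.test"),
    ("mail.example.test", "MX", "mx1.mailhost.test"),
]
# Assumed allowlist of provider domains the organization actually uses.
APPROVED = {"cdn-provider.test", "cloudhost.test", "mailhost.test"}

def base_domain(name):
    """Last two labels; a simplification (real zones need the Public Suffix List)."""
    return ".".join(name.rstrip(".").lower().split(".")[-2:])

def edit_distance(a, b):
    """Levenshtein distance, used to spot near-miss (typo) targets."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def system_resolves(name):
    """True if the local resolver returns any address for name."""
    try:
        return bool(socket.getaddrinfo(name, None))
    except socket.gaierror:
        return False

def audit(zone, approved, resolves=system_resolves):
    """Return (record, finding) pairs for records that need attention."""
    findings = []
    for record, _rtype, target in zone:
        domain = base_domain(target)
        if domain not in approved:
            # Incorrect record: target is off the allowlist, possibly by a typo.
            near = sorted(d for d in approved if edit_distance(domain, d) <= 2)
            kind = f"possible typo of {near[0]}" if near else "unapproved target"
            findings.append((record, kind))
        elif not resolves(target):
            # Stale or non-resolvable: the name it points at no longer exists.
            findings.append((record, "target does not resolve"))
    return findings

if __name__ == "__main__":
    live = {"web.cdn-provider.test", "mx1.mailhost.test"}  # constructed
    for record, finding in audit(ZONE, APPROVED, lambda n: n in live):
        print(f"{record}: {finding}")
```

Run on a schedule against an export of the zone, a check like this surfaces records to fix or delete before the name they point at can be claimed by someone else.
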
With the industry's lack of protection against DNS hijacking attacks, attackers are increasingly using it as a means to breach an organization. [In fact, studies show that 33% of organizations fell victim to a DNS Hijacking attempt in 2023.](https://efficientip.com/resources/cyber-threat-intelligence-idc-2023-global-dns-threat-report/) To make matters worse, research has discovered that [20% of DNS records are misconfigured and are therefore left vulnerable to hijacking](https://efficientip.com/resources/cyber-threat-intelligence-idc-2023-global-dns-threat-report/). These numbers are only expected to continue rising in the absence of a well-equipped solution that can inspect DNS responses inline and automate DNS configuration management.

In order for organizations to scale, they must ensure that they can deliver a safe and reliable web experience for all of their users, and this means that their DNS traffic must be protected. DNS hijacking poses a significant threat to individual users and businesses alike, undermining the integrity and security of the internet's infrastructure. As we increasingly rely on the internet for business productivity, it is essential that all organizations feel confident in DNS security solutions. By being aware of DNS hijacking, organizations can minimize the risk of a DNS-layer breach and protect their users and data.

To learn more about DNS hijacking and how Palo Alto Networks can stop it, be sure to visit [Paloaltonetworks.com](http://paloaltonetworks.com) and ask to be contacted by one of our representatives.