DNS Infrastructure Hijacking Campaign
ID: e4c77b70-af57-517b-b6f0-59e3fe55bfdb
STIX ID: report--e4c77b70-af57-517b-b6f0-59e3fe55bfdb
Feed Name: CISA Cybersecurity Advisories
**Executive Summary:** The CISA/NCCIC advisory details a global DNS hijacking campaign in which attackers use compromised credentials to modify DNS records (A, MX, NS), redirect web and mail traffic to attacker-controlled infrastructure, and obtain valid TLS certificates to perform undetected man-in-the-middle attacks. The report includes technical details, IOCs, and mitigation recommendations such as resetting registrar passwords, enabling multifactor authentication, auditing DNS records, and revoking fraudulent certificates.
