Lenovo’s woes continue after attackers took control of its website, which allowed to intercept company emails and redirect visitors to other sites. The website has been taken down, and Lenovo is still working on getting it working again.
The hijack happened after hackers compromised the Lenovo account at the Web Commerce Communications, allowing them to redirect visitors to another website after they attempt to visit Lenovo.com. This also caused all email directed to the domain to be redirected as well. Security firm CloudFlare noticed that the IP address of the redirected site was hosted on their servers, and promptly seized the account.
As usual, LizardSquad has claimed responsibility for the attack. Although this time the group has posted screenshots of emails meant for the Lenovo’s internal PR team. This is one of the rare times that the LizardSquad has provided proof that it was involved in an attack; despite this, there is still doubt that the group is genuinely behind it.
Lenovo has issued a statement saying that its domain name server was hacked, but has no additional information to share.
It is suspected that the attack was done in response to news that Lenovo was installing ad-injecting software into its laptops. Software that broke secure connections, and would potentially allow third parties to spoof any website while by passing security checks put in place by most web browsers. Many users were outraged when the story broke, causing the company to issue an apology and provide a way to remove the Superfish software.
[Source: Ars Technica]