Quick Hits

Trump Organization Likely Unaware of 2013 Security Breach

The Trump Organization experienced a major breach in 2013 but didn't learn of the compromise until this week.

Hackers compromised the Trump Organization in a major security breach four years ago, and the company just found out, a new report states. The compromise started as early as 2013.

An attacker, or attacker group, accessed the Trump Organization's domain registration account. There, they created at least 250 "shadow" subdomains, each of which points to a Russian IP address. The creation of these subdomains is documented in publicly available domain records.

Most of the subdomains were active until this week, a sign the company had not made any effort to eliminate them. Had it known about the breach, the Trump Organization should have removed the subdomains as soon as possible. Security researcher C. Shawn Eib says this is "sloppy at best" and "potentially criminally negligent at worst," depending on the servers' traffic.

The compromise could have let the attackers launch attacks from the company's domains and potentially get into the Trump Organization's network. The subdomains and their IP addresses have been linked to possible malware campaigns, and researchers have flagged them as potentially associated with malware.
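A periodic audit of a domain's own DNS records is one way an owner could notice shadow subdomains like those described above. The following is an added example, not from the report or the article: it flags address records that resolve outside the netblocks the organization expects and groups them by range. The zone export format, the `example.com` names, the netblocks and the function names are all assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: a zone export as "name type value" lines (documentation IP ranges only).
ZONE_EXPORT = """\
www.example.com A 192.0.2.10
mail.example.com A 192.0.2.25
shop.example.com CNAME www.example.com
bfdqx.example.com A 203.0.113.7
cshzn.example.com A 203.0.113.7
dwrmk.example.com A 203.0.113.9
vpn.example.com A 198.51.100.4
"""

# Assumption: the netblocks the organization actually hosts from.
EXPECTED_NETS = [ipaddress.ip_network("192.0.2.0/24"),
                 ipaddress.ip_network("198.51.100.0/24")]

def parse_a_records(text):
    """Yield (name, ip) for every A/AAAA record; skip other types and malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3 or parts[1].upper() not in ("A", "AAAA"):
            continue
        try:
            yield parts[0].rstrip(".").lower(), ipaddress.ip_address(parts[2])
        except ValueError:
            continue  # value is not a valid IP address

def find_shadow_candidates(text, expected_nets, approved_names=()):
    """Group unapproved names that resolve outside expected netblocks by /24 (/48 for IPv6)."""
    clusters = defaultdict(list)
    for name, ip in parse_a_records(text):
        if name in approved_names or any(ip in net for net in expected_nets):
            continue
        prefix = 24 if ip.version == 4 else 48
        block = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        clusters[str(block)].append(name)
    # Largest clusters first: many unknown names in one foreign range is the pattern to review.
    return sorted(clusters.items(), key=lambda kv: -len(kv[1]))

if __name__ == "__main__":
    for block, names in find_shadow_candidates(ZONE_EXPORT, EXPECTED_NETS):
        print(f"{block}: {len(names)} record(s) outside expected ranges -> {', '.join(names)}")
```

Records reported here are candidates for review, not proof of compromise; legitimately outsourced hosts belong in `approved_names`.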
