The Trump Organization experienced a major breach in 2013 but didn't learn of the compromise until this week.

Dark Reading Staff, Dark Reading

November 2, 2017


Hackers compromised the Trump Organization in a major security breach four years ago, and the company just found out, a new report states. The compromise started as early as 2013.

An attacker, or attacker group, accessed the Trump Organization's domain registration account. There, they created at least 250 "shadow" subdomains, each of which points to a Russian IP address. The creation of these subdomains is documented in publicly available domain records.

Most of the subdomains were still active until this week, a sign the company had made no effort to eliminate them. Had it known about the breach, the Trump Organization should have removed the subdomains as soon as possible. Security researcher C. Shawn Eib says this is "sloppy at best" and "potentially criminally negligent at worst," depending on the servers' traffic.

The compromise could have let the attackers launch attacks from the company's domains and potentially gain a foothold in the Trump Organization's network. The subdomains and their IP addresses have been linked to possible malware campaigns and flagged by researchers as potentially associated with malware.
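The shadow-subdomain pattern described above is detectable from an organization's own DNS data: any record whose name is not in the asset inventory, or whose address falls outside the address space the organization controls, deserves review. The script below is an added example, not code from the article or from any organization it mentions; the zone export sample, the hostnames, the IP ranges and the creation dates are all constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of A records as they might appear in a registrar or DNS
# zone export: (hostname, address, record creation date). Not real data.
SAMPLE_RECORDS = [
    ("www.example-org.test", "203.0.113.10", "2010-05-01"),
    ("mail.example-org.test", "203.0.113.20", "2010-05-01"),
    ("vpn.example-org.test", "198.51.100.9", "2013-08-14"),      # known name, foreign IP
    ("login-update.example-org.test", "198.51.100.77", "2013-08-14"),
    ("secure-portal.example-org.test", "198.51.100.77", "2013-08-15"),
]

# Hostnames the organization knowingly operates (assumed inventory).
KNOWN_NAMES = {"www.example-org.test", "mail.example-org.test", "vpn.example-org.test"}

# Address ranges the organization actually owns (assumed for the example).
OWNED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]


def is_owned(ip: str) -> bool:
    """True if the address lies inside one of the organization's own ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in OWNED_NETWORKS)


def audit_records(records, known_names=KNOWN_NAMES):
    """Classify each record. 'shadow' = name not in inventory and pointing
    outside owned space; 'hijacked' = inventoried name now pointing outside
    owned space; anything else is 'ok'. Returns a list of finding dicts."""
    findings = []
    for name, ip, created in records:
        if is_owned(ip):
            continue
        kind = "hijacked" if name in known_names else "shadow"
        findings.append({"name": name, "ip": ip, "created": created, "kind": kind})
    return findings


def cluster_by_ip(findings):
    """Group suspicious names by destination IP; many names on one foreign
    address is the signature of bulk-created shadow subdomains."""
    groups = defaultdict(list)
    for f in findings:
        groups[f["ip"]].append(f["name"])
    return dict(groups)


if __name__ == "__main__":
    found = audit_records(SAMPLE_RECORDS)
    for f in found:
        print(f"{f['kind']:8} {f['name']:32} -> {f['ip']} (created {f['created']})")
    print("by destination:", cluster_by_ip(found))
```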

Read more details here and here.
