Newsroom

Brian Krebs reported that the St. Louis Federal Reserve Bank on Monday told banks that attackers hijacked its domain name servers in late April to redirect users to a web page they set up to infiltrate communications between the Fed bank and its client institutions.

Krebs said the Fed bank's message to its client banks was "shared by an anonymous source" and "verified as legitimate by a source at another regional Federal Reserve location."

According to Krebs, the St. Louis Fed told banks it became aware of the attack April 24. It said hackers "manipulated routing settings at a domain name service (DNC) vendor used by the St. Louis Fed so that they could automatically redirect some of the Bank's web traffic that day to rogue webpages they created to simulate the look" of the Fed banks' research.stlouisfed.org website.

Krebs said the St. Louis Fed hasn't responded to requests for comment. He said the advisory warned that those redirected to one of the phony websites "may have been unknowingly exposed to vulnerabilities that the hackers may have put there, such as phishing, malware and access to user names and passwords."

It said the Fed bank's website was not compromise and said users, next time they visit, will be asked to change their passwords and ensure new ones are "strong, unique and different" from any others they use.