Not the first issue with the Congolese ccTLD. Enjoy the read:
How I hijacked the top-level domain of a sovereign state
Note: This issue has been resolved and the .cd ccTLD no longer sends NS delegations to the compromised domain.
TL;DR: Imagine what could happen if the country-code top-level domain (ccTLD) of a sovereign state fell into the wrong hands. Here’s how I (@Almroot) bought the domain name used in the NS delegations for the ccTLD of the Democratic Republic of Congo (.cd) and temporarily took over 50% of all DNS traffic for the TLD that could have been exploited for MITM or other abuse.
https://labs.detectify.com/2021/01/15/how-i-hijacked-the-top-level-domain-of-a-sovereign-state/