Hackers take control of the Perl programming language web domain

A recent security report indicates that the domain Perl.com, the official communication platform of the developers of the Perl programming language, would have been stolen. According to Brian Foy, a programming language expert, an unidentified threat actor took control over the platform this January 28.

As users may remember, Perl is a popular programming language designed by Larry Wall more than 30 years ago. Perl takes characteristics of the C language, the interpreted language bourne shell, AWK, thirst, Lisp and, to a lower degree, many other programming languages.  By using the platform Perl.com, enthusiasts of this programming language can interact with a whole community of experts to share information, resolve questions about the use of this tool and more.

Through Reddit, the specialist mentioned: “We are still trying to determine exactly what happened here. While we can’t provide any more details as the investigation is ongoing, we believe it’s an account hack incident and we don’t know how long it can be fixed.” The expert mentions that the perl.org and perl.com are not related to this incident, as they have different legitimate registrants.

La imagen tiene un atributo ALT vacío; su nombre de archivo es perl29012021.jpg

About the compromised website, threat actors posted a message announcing the sale of the domain, as well as enlisting the registrar’s contact details. Although this suggests that registration has expired, domain owner Tom Christiansen mentions that Perl domain will remain in effect until at least 2030.

It is not yet known what method the malicious hacker used to compromise the security of this platform, although researchers believe this incident is related to a recent wave of cyberattacks against certain web domains. The cybersecurity community mentions that compromised websites include patterns.com, chip.com and neurologist.com, among others.

The expert tried to ask the cybersecurity community for help in trying to recover the compromised website, a request that is still waiting to be answered: “We are looking for people with experience handling security incidents in order to recover this website; if you have any idea how this attack happened, contact Perl’s security team,” Foy concludes. A Reddit forum has already been enabled to receive feedback.

For more information on security incidents, vulnerabilities, exploits, malware variants, cyberattacks and information security courses, feel free to access the International Cyber Security Institute (IICS) website.