Hacker collective Lizard Squad briefly redirected Google Vietnam users on Monday to a webpage selling cyberattack tools
Hacker collective Lizard Squad briefly redirected Google Vietnam users on Monday to a webpage selling cyberattack tools OpenDNS

The domain name for Google's search engine in Vietnam, Google.com.vn, was briefly hacked and hijacked by the hacker collective Lizard Squad on 23 February and redirected users to a website selling cyberattack tools.

On the afternoon of 23 February, many users in Vietnam were unable to gain access to Google Vietnam, instead being reverted to a webpage hosted by US private server provider DigitalOcean showing a Caucasian man holding an iPhone, together with the message:

"Hacked by Lizard Squad, greetz from antichrist, Brian Krebs, sp3c, Komodo, ryan, HTP & Rory Andrew Godfrey (holding it down in Texas)
Buy DDOS @ http://lizardstresser.su
Follow us on Twitter: @LizardCircle"

The message was offering to sell users a tool used to pull off distributed denial-of-service (DDoS) attacks, a type of cyberattack that can take websites offline.

A Google spokesperson told the Wall Street Journal: "For a short period today, some people had trouble connecting to google.com.vn, or were being directed to a different website.

"We've been in contact with the organisation responsible for managing this domain name and the issue should be resolved."

The hacker group also alerted users to the attack in a post on Twitter:

According to security firm OpenDNS, the IP address used in the hack was an IPv6 address. Google's Vietnamese DNS servers had been changed from pointing to Google name servers (ns1.google.com, ns2.google.com) to CloudFlare (,

IPv6 is a new version of the Internet Protocol that has been designed with the problem of IPv4 address exhaustion, since there are now far more IP addresses than were originally expected when the internet was commercialised in the 1990s.

"We're not sure if this was an attempt to 'confuse' network analysts and legacy tools or if this was simply a case of 'we don't care what IP address we get as we're mapping a domain name to it'," writes OpenDNS' senior security research lead and evangelist Andrew Hay in a blog post.

"We suspect that the use of IPv6 for malicious and fraudulent sites will become increasingly commonplace, especially as VPS providers stop giving customers the choice to select an IPv4 or IPv6 IP address for their server."

In the past, Lizard Squad has mostly restricted its DDoS attacks to game console networks such as Xbox Live and the Playstation Network.

However in January, the hacker collective disrupted access to Malaysian Airlines and also claimed responsibility for an hour-long outage on Facebook, Instagram and Tinder, which the social network has denied.