ICANN is the “Internet Corporation for Assigned Names and Numbers” - essentially the domain registrar for the world wide web. If you want a web domain you get it from them.
It has been reported that ICANN suffered a spear phishing attack which hit the “Centralized Zone Data System” and allowed administrative access to all files in it, as well as access to public information in the ICANN GAC Wiki. There was also unauthorized access to user accounts on two other systems: the ICANN Blog (blog.icann.org) and the ICANN WHOIS (whois.icann.org) information portal.
Lancope's CTO, TK Keanini, said: "Readers should really consider themselves in the same boat here, as attacks like this are common and only increasing. The important measure here is how long it took them to discover the attack, as the article noted that it happened in late November and was only discovered last week. Some companies don't identify the attacks for years, so by that measure ICANN was on top of their game.
The people who are listed in these top level zones and everyone who is a DNS administrator should be on top alert because they are likely to be the next target in this spear phishing campaign. In fact, you just need to think about how you or your organization is connected to ICANN and its data and go about changing authentication or any other data that, if known by the adversary, could be used for an attack. Start threat modeling and thinking like the attacker.
Attackers will continue to go after the critical infrastructure of the Internet because even small gains there can be leveraged for larger gains elsewhere. Even the attackers are limited in resources and time, so they need to work strategically."