Attackers altered the domain name system (DNS) records for Lenovo.com on Wednesday, allowing them to spoof the computer manufacturer’s website and gain access to the company’s MX mail server records.

Following the attack, users who visited Lenovo’s company page saw a teenager’s slideshow, with the song “Breaking Free” from Disney’s High School Musical playing in the background.

The hijack occurred as a result of the attackers compromising a Lenovo account at Website Commerce Communications Ltd. dba Webnic.cc. By using a command injection vulnerability to upload a rootkit, as reported by Brian Krebs, the attackers were able to access the DNS records at Webnic.cc, which they then leveraged to change the IP address that is called when users visit Lenovo’s site.

According to security researchers at content delivery network CloudFlare, the attackers used servers under CloudFlare’s control to redirect visitors to two IP addresses hosted by Digital Ocean, a company based in the Netherlands.

During this time, the attackers further exploited their access to read through emails sent to Lenovo employees. Some of these mail server records were then posted on Lizard Squad’s (@LizardCircle) Twitter account, as the screenshot below demonstrates:

Many reports allege that Lizard Squad was behind the attack, pointing to a statement posted on Lenovo’s spoofed website on Wednesday that read: “the new and improved rebranded Lenovo website featuring Ryan King and Rory Andrew Godfrey.” A number of media outlets have identified these two individuals as part of Lizard Squad in the past. However, Krebs challenges this assumption and reports that both King and Godfrey were once members of the hacker collective Hack the Planet and are now actively trying to undermine Lizard Squad.

As of this writing, Lenovo’s website has been restored to normal.

Ken Westin, senior security analyst at Tripwire, believes this attack may be in retaliation for revelations regarding the discovery of Superfish adware being installed on Lenovo computers.