A company's employees report that when they try to access their online banking website, they are redirected to a page that looks identical to the real one but steals their login credentials. After investigation, it is found that the company's internal DNS server was compromised, causing users to be directed to a malicious IP address instead of the legitimate banking website. What type of attack has occurred?