Iran implicated in DNS hijacking campaign around the world
Security researchers have identified a global DNS hijacking campaign, which they say is likely the work of Iranian hackers.
According to researchers from FireEye's Mandiant Incident Response and Intelligence team, the DNS hijacking campaign has targeted entities across the Middle East and North Africa, Europe and North America over the past two years "on an almost unprecedented scale, with a high degree of success."
FireEye said the DNS hijacking campaign manipulated DNS records -- some evidence of which Cisco Talos had observed previously -- and used DNS redirectors to attack "telecoms and ISP providers, internet infrastructure providers, government and sensitive commercial entities." Based on the entities targeted and the IP addresses of the attackers, FireEye wrote in a blog post that it could "assess with moderate confidence that this activity is conducted by persons based in Iran and that the activity aligns with Iranian government interests."