Hackers who appear to be based in Iran and could be working to benefit the government there are targeting foreign websites on an “unprecedented scale,” a U.S. cybersecurity firm said Thursday.
The company, FireEye, said the hacking of the domain name system, or DNS, is targeting domains associated with government, telecommunications and Internet infrastructure groups in the Middle East, North Africa, Europe and North America.
FireEye said it traced the cyberattack to IP addresses previously linked to “Iranian cyber espionage actors.”
“Preliminary technical evidence allows us to assess with moderate confidence that this activity is conducted by persons based in Iran and that the activity aligns with Iranian government interests,” the company said in a blog post.
The attack, though, is different from other Iranian cyber tactics.
“It is differentiated from other Iranian activity we have seen by leveraging DNS hijacking at scale. The attacker uses this technique for their initial foothold, which can then be exploited in a variety of ways,” FireEye said.
In a DNS attack, hackers can intercept a web user’s access to particular websites and capture any information the user attempts to enter on that site.
The organizations targeted in the hacking, particularly those in the Middle East, hold information that would be important to Iran and of “relatively little financial value.”
“This campaign has targeted victims across the globe on an almost unprecedented scale, with a high degree of success,” FireEye said.