A hacking campaign linked to Iran appears to be targeting dozens of domains across the globe by way of DNS hijacking, a security firm said on Thursday.
The cyber firm FireEye said that the campaign has spread across the Middle East and North Africa, Europe and North America, affecting domains associated with governments as well as telecommunications and internet infrastructure entities.
“Preliminary technical evidence allows us to assess with moderate confidence that this activity is conducted by persons based in Iran and that the activity aligns with Iranian government interests,” the company said in a blog post.
“While we do not currently link this activity to any tracked group, initial research suggests the actor or actors responsible have a nexus to Iran,” it added.
FireEye said it based the determination on Iranian IP addresses that were “previously observed during the response to an intrusion attributed to Iranian cyber espionage actors” as well as the victims impacted by the campaign.
“The entities targeted by this group include Middle Eastern governments whose confidential information would be of interest to the Iranian government and have relatively little financial value,” it said.
Iran’s cyber activity gained increased scrutiny ahead of the 2018 midterm elections, after Facebook announced that it shuttered hundreds of pages tied to foreign governments. Many of the pages — as well as accounts shut down on Twitter and Google — linked to the government of Iran, Facebook said.
FireEye first flagged the suspicious accounts to Facebook, and determined that certain accounts that had been sharing links to stories from a news site were fake.