Global DNS Record Manipulation, Hijacking Campaign at Massive Scale Linked to Iran

By CircleID Reporter

A wave of DNS hijacking is reported to have affected dozens of domains belonging to government, telecommunications and internet infrastructure entities across the Middle East and North Africa, Europe and North America. The attack has targeted victims across the globe on an almost unprecedented scale, with a high degree of success, says cybersecurity firm FireEye. "While we do not currently link this activity to any tracked group, initial research suggests the actor or actors responsible have a nexus to Iran. ... While this campaign employs some traditional tactics, it is differentiated from other Iranian activity we have seen by leveraging DNS hijacking at scale. The attacker uses this technique for their initial foothold, which can then be exploited in a variety of ways."

The precise mechanism by which the DNS records were changed is unknown, says FireEye, but the firm believes at least some records were changed by compromising a victim's domain registrar account.
