FireEye’s Mandiant Incident Response and Intelligence teams have identified a wave of DNS hijacking that has affected dozens of domains belonging to the government, telecommunications, and internet infrastructure entities across the Middle East and North Africa, Europe and North America. While they do not currently link this activity to any tracked group, initial research suggests the actor or actors responsible have a nexus to Iran. This campaign has targeted victims across the globe on an almost unprecedented scale, with a high degree of success.
Expert Comments below:
Emily Hacker, Security Researcher at DomainTools:
“DNS hijacking is a particularly dangerous attack technique due to the wide variety of malicious activity that it can facilitate. Whether the redirected traffic is used for phishing purposes, or in order to provide targeted advertisements to people using specific websites, it can be a powerful malicious tool in the wrong hands. The fact that these websites are associated with government and infrastructure targets and the attribution points in the direction of Iran, it is fairly likely that the aim of this hijacking campaign is espionage. This should be taken extremely seriously, and the organizations whose websites have been affected should take the necessary preventative measures in order to avoid further situations such as this.”
