Jan 10, 2019 - World

Report: Massive internet address hijacking spree has ties to Iran


FireEye reports that a multi-year, global campaign of hacking government, telecommunications and internet infrastructure systems has ties to Iran.

Why it matters: The previously untracked hacker group uses a technique known as "DNS hijacking," which is uncommon for campaigns of this scale.

DNS, or the Domain Name System, is sort of like the internet's equivalent of a telephone operator switchboard. It changes web addresses like "axios.com" to numeric internet addresses.

  • DNS hijacking changes the record of domain names to point to different internet addresses, rerouting traffic to a different system the hackers have chosen.

Details: These attacks targeted dozens of victims in the Middle East and North Africa, Europe and North America, and were clustered between 2017 and the present.

  • The hackers used internet addresses that had previously been used in attacks attributed to Iran, which FireEye notes implies a connection to Iran.
  • However, basing an attribution on internet addresses alone is not generally considered particularly strong, and FireEye is not ready to say outright that the attackers are Iranian.