FireEye reports that a multi-year, global campaign of hacking government, telecommunications and internet infrastructure systems has ties to Iran.
Why it matters: The previously untracked hacker group uses a technique known as "DNS hijacking," which is uncommon for campaigns of this scale.
DNS, or the Domain Name System, is sort of like the internet's equivalent of a telephone operator switchboard. It changes web addresses like "axios.com" to numeric internet addresses.
- DNS hijacking changes the record of domain names to point to different internet addresses, rerouting traffic to a different system the hackers have chosen.
Details: These attacks targeted dozens of victims in the Middle East and North Africa, Europe and North America, and were clustered between 2017 and the present.
- The hackers used internet addresses in the attack previously used in attacks attributed to Iran, which FireEye notes implies a connection to Iran..
- However, basing an attribution on internet addresses alone is not generally considered particularly strong, and FireEye is not ready to say outright that the attackers are Iranian.
