The Iranian government is likely behind a sophisticated, "unprecedented" hacking campaign targeting entities across the Middle East and North America, according to U.S. cybersecurity firm FireEye.
"Preliminary technical evidence allows us to assess with moderate confidence that this activity is conducted by persons based in Iran and that the activity aligns with Iranian government interests," researchers wrote in a Wednesday blog post titled "Global DNS Hijacking Campaign: DNS Record Manipulation at Scale."
The group has been hijacking domains since January 2017.
"The entities targeted by this group include Middle Eastern governments whose confidential information would be of interest to the Iranian government and have relatively little financial value," the researchers wrote. "A large number of organizations have been affected by this pattern of DNS record manipulation . . . They include telecoms and [Internet service providers], Internet infrastructure providers, government, and sensitive commercial entities."
FireEye said it observed three attack methods, but that it was "difficult to identify a single intrusion vector for each record change, and it is possible that the actor, or actors are using multiple techniques to gain an initial foothold into each of the targets."