You are here: Home » News-IANS » Business-Economy
Business Standard

Iran-based group behind 'unprecedented' global hacking: FireEye

IANS  |  San Francisco 

Iran-based cyber criminals are likely behind a sophisticated "unprecedented" hacking campaign targeting entities across the and North Africa, and North America, according to US cybersecurity firm

The researchers at have identified a wave of (Domain Name System) hijacking that has affected dozens of domains belonging to government, and

"While we do not currently link this activity to any tracked group, initial research suggests the or actors responsible have a nexus to Iran," said in a blog post on Thursday.

"Preliminary technical evidence allows us to assess with moderate confidence that this activity is conducted by persons based in and that the activity aligns with interests," researchers wrote in the blog.

The hacking campaign has targeted victims across the globe on an almost unprecedented scale, with a high degree of success.

The teams at FireEye tracked the activity for several months -- mapping and understanding the innovative tactics, techniques and procedures (TTPs) deployed by the attacker.

They also worked closely with victims, security organisations and law enforcement agencies where possible to reduce the impact of the attacks and/or prevent further compromises.

"While this campaign employs some traditional tactics, it is differentiated from other Iranian activity we have seen by leveraging hijacking at scale. The attacker uses this technique for their initial foothold, which can then be exploited in a variety of ways," explained researchers.

A large number of organisations have been affected by this pattern of record manipulation and fraudulent (Secure Sockets Layer) certificates.

"They include telecoms and providers, internet infrastructure providers, government and sensitive commercial entities," said FireEye.

This type of attack is difficult to defend against, because valuable information can be stolen, even if an attacker is never able to get direct access to an organisation's network.

"Implement multi-factor authentication on your domain's administration portal, search for certificates related to your domain and revoke any malicious certificates, conduct an internal investigation to assess if attackers gained access to your environment," suggested researchers.



(This story has not been edited by Business Standard staff and is auto-generated from a syndicated feed.)

First Published: Fri, January 11 2019. 13:12 IST