A hacking campaign linked to Iran appears to be targeting dozens of domains across the globe by way of domain name system (DNS) hijacking, a security firm said Thursday.
The cyber firm FireEye said the campaign has spread across the Middle East and North Africa, Europe and North America, affecting domains associated with governments as well as telecommunications and internet infrastructure entities.
“Preliminary technical evidence allows us to assess with moderate confidence that this activity is conducted by persons based in Iran and that the activity aligns with Iranian government interests,” the company said in a blog post.
“While we do not currently link this activity to any tracked group, initial research suggests the actor or actors responsible have a nexus to Iran,” it added.
FireEye said it based the determination on Iranian IP addresses that were “previously observed during the response to an intrusion attributed to Iranian cyber espionage actors” as well as the victims impacted by the campaign.
“The entities targeted by this