The attacks, targeting several countries to redirect traffic and harvest credentials, have been linked to Iran.
A wave of DNS hijacking attacks targeting victims in North America, Europe, Middle East and North Africa have been linked to Iran. The attacks, which have been ongoing over the past two years, have had “a high degree of success” harvesting targets’ credentials, according to researchers.
Researchers at FireEye said that the attacks were launched mainly against government, telecom and internet infrastructure firms. Attacks involved intercepting traffic from firms with the goal of harvesting victims’ usernames, passwords and domain credentials.