By Jubin Katiraie
US cybersecurity firm FireEye has said that cyber criminals based in Iran are more than likely behind a highly sophisticated hacking campaign on a level that has never been seen before. The hacking campaign has targeted companies across Europe, North America and the Middle East and North Africa.
FireEye is a company that deals with cyber-crime at all levels. It describes its mission as being to “relentlessly protect our customers from the impact and consequences of cyber attacks”. To stay at the top of its game, the company has to keep up to date with what is happening in the world of cybercrime, and it is looking into trends across the world.
This is not the first time Iran has been brought up with regard to cyber-attacks. Last year, it became apparent that Iran is getting increasingly sophisticated in its cyber-attacks.
In a recent blog post, FireEye said: “While we do not currently link this activity to any tracked group, initial research suggests the actor or actors responsible have a nexus to Iran. Preliminary technical evidence allows us to assess with moderate confidence that this activity is conducted by persons based in Iran and that the activity aligns with Iranian government interests.”
Researchers at the company have been able to identify a trend of Domain Name System (DNS) hijacking. So far, a handful of telecommunications and government domains have been affected. The victims are not isolated to one geographical area – they are located in different parts of the world.
The hackers appear to have been fairly successful in their attacks. Researchers at FireEye have been keeping a close eye on the tactics, techniques and procedures (TTPs) that the attackers have used. They are looking into the patterns of attacks and how they have been deployed in an attempt to understand the motivations and strategies that are said to be evolving.
The company has also been looking at the effects of the attacks so that it can understand the intentions of the hackers. This also allows the company to work with law enforcement and to put processes in place so that the companies do not fall victim to further attacks.
Speaking about the nature of the attacks, FireEye researchers said: “While this campaign employs some traditional tactics, it is differentiated from other Iranian activity we have seen by leveraging DNS hijacking at scale. The attacker uses this technique for their initial foothold, which can then be exploited in a variety of ways.”
The concern about these attacks is that important and confidential information is being taken, and that this is a type of attack that companies find difficult to defend themselves against.
Iran is in a very weakened position. It is facing continued domestic unrest and international pressure – mainly from the United States – which is starting to show real effects. It is working on other ways to spread its influence and undermine the international community, but it is also important that it is not undermined, especially in this new way of waging war.