Attackers believed to be working out of Iran have manipulated the DNS records of dozens of organizations around the globe to intercept and record their network traffic in what appears to be a large and growing espionage campaign.
Among those affected are commercial entities, government organizations, Internet infrastructure providers, and telecommunications firms in North America, North Africa, and the Middle East.
FireEye, which has been tracking the threat for the last several months, this week described the DNS hijacking campaign as notable for its almost unprecedented scale.
In a report yesterday, the security vendor said that it has so far not been able to attribute the attacks to any particular threat group. However, available evidence — including IP addresses and the machines used to intercept, record, and forward network traffic — suggests the attacker is based in Iran. Some of the organizations that the group has targeted so far, including governments in the Middle East, are also entities that would be of interest to the Iranian government, according to FireEye.