Iran-based group behind 'unprecedented' global hacking: FireEye
IANS | 11 Jan, 2019

Iran-based cyber criminals are likely behind a sophisticated "unprecedented" hacking campaign targeting entities across the Middle East and North Africa, Europe and North America, according to US cybersecurity firm FireEye.

The researchers at FireEye have identified a wave of DNS (Domain Name System) hijacking that has affected dozens of domains belonging to government, telecommunications and internet infrastructure entities.

"While we do not currently link this activity to any tracked group, initial research suggests the actor or actors responsible have a nexus to Iran," FireEye said in a blog post on Thursday.

"Preliminary technical evidence allows us to assess with moderate confidence that this activity is conducted by persons based in Iran and that the activity aligns with Iranian government interests," researchers wrote in the blog.

The hacking campaign has targeted victims across the globe on an almost unprecedented scale, with a high degree of success.

The teams at FireEye tracked the activity for several months -- mapping and understanding the innovative tactics, techniques and procedures (TTPs) deployed by the attacker.

They also worked closely with victims, security organisations and law enforcement agencies where possible to reduce the impact of the attacks and/or prevent further compromises.

"While this campaign employs some traditional tactics, it is differentiated from other Iranian activity we have seen by leveraging DNS hijacking at scale. The attacker uses this technique for their initial foothold, which can then be exploited in a variety of ways," explained researchers.

A large number of organisations have been affected by this pattern of DNS record manipulation and fraudulent SSL (Secure Sockets Layer) certificates.

"They include telecoms and ISP providers, internet infrastructure providers, government and sensitive commercial entities," said FireEye.

This type of attack is difficult to defend against, because valuable information can be stolen, even if an attacker is never able to get direct access to an organisation's network.

"Implement multi-factor authentication on your domain's administration portal, search for SSL certificates related to your domain and revoke any malicious certificates, conduct an internal investigation to assess if attackers gained access to your environment," suggested researchers.