Sunday, June 15, 2025
HomeComputer SecurityDNS Hijacking Campaign Targeting Various Organizations Around the Globe

DNS Hijacking Campaign Targeting Various Organizations Around the Globe

Published on

SIEM as a Service

Follow Us on Google News

A new wave of DNS Hijacking campaign targeting various domains organizations belonging to various government, telecommunications and internet infrastructure entities.

The campaign has targeted victims across the globe at an unprecedented scale at a high degree of success rate. Security researchers from FireEye tracked the activity for several months and the attackers explotiting it with high degree of success.

DNS hijacking is a type of Malicious attack that used to redirect the users to the malicious website when they visit the website via compromised routers or attackers modifying a server’s settings.

- Advertisement - Google News

According to researchers the campaign is active from January 2017 to January 2019 and the attack not carried out by a single actor based on the timeframes, infrastructure, and service providers.

“Technical evidence shows that attack carried out by threat actors in Iran and the entities targeted and the activity aligns with Iranian government interests.”

DNS Hijacking Campaign

Threat actors followed multiple techniques to manipulate the DNS records.

With the first method attackers log in with the DNS provider’s administration panel and attackers points the A record IP of the domain top a different IP address. Then attackers uses Let’s Encrypt certificate to establish a secure connection without any certificate errors.

In the second method attackers gained access to the server and they will change the nameserver details and implement proxies to listen all the ports.

Third technique involves DNS Redirector which responds to DNS requests, with the previously modified A and NS records to redirect victim’s traffic to the servers controlled by attackers.

Researchers said a number of the organization affected with the patterns of DNS record manipulations and fraudulent SSL certificates.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates also you can take the Best Cybersecurity courses online to keep your self-updated.

Cloudflare Announced Internet’s Fastest DNS Service 1.1.1.1 that Extremely Focus on Consumer Privacy

New Phishing Attack Taking Advantages of Vulnerability in Office 365 to Bypass all of Microsoft’s Security

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Kali Linux 2025.2 Released: New Tools, Smartwatch and Car Hacking Added

Kali Linux, the preferred distribution for security professionals, has launched its second major release...

Arsen Launches AI-Powered Vishing Simulation to Help Organizations Combat Voice Phishing at Scale

Arsen, the cybersecurity startup known for defending organizations against social engineering threats, has announced...

NIST Releases New Guide – 19 Strategies for Building Zero Trust Architectures

The National Institute of Standards and Technology (NIST) has released groundbreaking guidance to help...

Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header

A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware's Spring Framework has been...

Credential Abuse: 15-Min Attack Simulation

Credential Abuse Unmasked

Credential abuse is #1 attack vector in web and API breaches today (Verizon DBIR 2025). Join our live, 15-min attack simulation with Karthik Krishnamoorthy (CTO - Indusface) and Phani Deepak Akella (VP of Marketing - Indusface) to see hackers move from first probe to full account takeover.

Discussion points


Username & email enumeration – how a stray status-code reveals valid accounts.
Password spraying – low-and-slow guesses that evade basic lockouts.
Credential stuffing – lightning-fast reuse of breach combos at scale.
MFA / session-token bypass – sliding past second factors with stolen cookies.

More like this

Kali Linux 2025.2 Released: New Tools, Smartwatch and Car Hacking Added

Kali Linux, the preferred distribution for security professionals, has launched its second major release...

NIST Releases New Guide – 19 Strategies for Building Zero Trust Architectures

The National Institute of Standards and Technology (NIST) has released groundbreaking guidance to help...

Spring Framework Flaw Enables Remote File Disclosure via “Content‑Disposition” Header

A medium-severity reflected file download (RFD) vulnerability (CVE-2025-41234) in VMware's Spring Framework has been...