Twitter website struck by ‘Iranian Cyber Army’ hackers

Graham Cluley

A hacking group calling itself the “Iranian Cyber Army” pulled off a coup for about an hour earlier today, redirecting visitors to the Twitter website to a page containing a green flag and Arabic writing:

Twitter website hacked

Fortunately there is no indication at this point that the page was carrying malicious code, and this attack appears to have had political motivations rather than being designed to steal confidential information from users.

Of course, just because a message saying

This site has been hacked by Iranian Cyber Army

has been posted on a webpage does not necessarily mean that hackers from Iran are responsible for the defacement.

However, Twitter was widely used earlier this year by those wishing to share information about anti-government protests in the country, and rumours spread in July that planned maintenance on the site was delayed to allow Iranians to continue to share information from inside the country as citizen journalists commented on the controversial election result.

Another part of the message read:

The USA thinks they control and manage internet access, but they don't. We control and manage the internet with our power, so do not try to incite the Iranian people.

Biz Stone of Twitter has posted a brief blog entry explaining that Twitter’s DNS records were compromised by an unauthorised party, meaning that anyone who tried to visit Twitter.com was instead taken to a third party site.

Twitter tweets about DNS security issue

If that’s right then it means that Twitter’s own servers weren’t necessarily breached by the hackers.

DNS records work like a telephone book, converting human-readable website names like twitter.com into a sequence of numbers understandable by the internet. What seems to have happened is that someone changed the lookup, so when you entered twitter.com into your browser you were instead taken to a website that wasn’t under Twitter’s control.

Just imagine what could have occurred if they had pointed people to a phishing site posing as Twitter (designed to steal login names and passwords) rather than a political message.
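A site operator can catch the kind of lookup change described above by regularly comparing what a name resolves to against the address ranges it is supposed to resolve to. The sketch below is an added example, not code from Twitter or from this article; the domain, the baseline networks and the function names are all constructed for illustration, and it only sees the answers given by whichever resolver it asks.

```python
import ipaddress
import socket

# Constructed baseline: documentation-range networks standing in for the
# address space an operator expects its own name to resolve into.
BASELINE = {
    "example.com": ["192.0.2.0/24", "198.51.100.0/24"],
}


def system_resolver(name):
    """Return the IPv4 addresses the local resolver gives for name."""
    return socket.gethostbyname_ex(name)[2]


def check_domain(name, expected_cidrs, resolver=system_resolver):
    """Compare resolved addresses with the expected networks.

    status is 'ok', 'drift' (an address lies outside every expected
    network) or 'error' (the lookup failed or returned nothing).
    """
    networks = [ipaddress.ip_network(cidr) for cidr in expected_cidrs]
    result = {"name": name, "answers": [], "unexpected": []}
    try:
        answers = sorted(set(resolver(name)))
    except OSError as exc:  # socket.gaierror and socket.herror are OSErrors
        return {**result, "status": "error", "detail": str(exc)}
    if not answers:
        return {**result, "status": "error", "detail": "empty answer"}
    unexpected = [
        addr for addr in answers
        if not any(ipaddress.ip_address(addr) in net for net in networks)
    ]
    status = "drift" if unexpected else "ok"
    return {"name": name, "answers": answers, "unexpected": unexpected,
            "status": status, "detail": ""}


def check_all(baseline, resolver=system_resolver):
    """Check every baseline entry; alert on any result that is not 'ok'."""
    return [check_domain(n, cidrs, resolver) for n, cidrs in baseline.items()]


if __name__ == "__main__":
    for item in check_all(BASELINE):
        print(item["name"], item["status"], item["unexpected"] or item["detail"])
```

Run from several networks on a schedule, a "drift" result is the signal that the published records no longer point where the operator put them.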

The question now is how did the hackers manage to change the DNS records for twitter.com? Could it be that cybercriminals managed to guess the passwords used to secure access to the information, and log in as though they were the administrators of Twitter’s DNS records?


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
