IBM recently published a warning about Iran’s ‘malicious’ new malware, which supposedly targets Windows devices owned by the industrial and energy sectors of the Middle East.

A new report by IBM warns of a new strain of “malicious malware” from Iran’s state-sponsored hackers, which appears to be aimed at the Middle East’s industrial and energy sectors. The tech giant did not reveal which companies the malware is targeting, although it did say that Windows computers can be wiped as part of the attack.
New Iranian wiper discovered in attacks on Middle Eastern companies https://t.co/p8P4eq8Hda by @thepacketrat (Ars Technica, @arstechnica, December 4, 2019)
Continuing Conflicts

The targeted sectors and the nature of the attack are not particularly surprising, as Iran’s conflict with the US and its allies makes the reason behind the attack rather clear. According to IBM, the group responsible is likely APT34, which is known to be sponsored by the country’s government. However, IBM also believes that another group might be collaborating with APT34. The second group is still not identified, although researchers believe it is likely that they are also Iran-based.
Mysterious Second Group Could Be APT33

APT34 is a group that security researchers around the world are very familiar with. The group had several big operations in 2019, one of which was an infamous phishing attack that used LinkedIn. As for the other group, researchers believe that it might be APT33. While this has yet to be confirmed, the use of the wiper malware and the choice of targets do point toward this group.

APT33 has made quite a few headlines of its own over the years. It was responsible for the attack on Microsoft Outlook earlier this year, in July. Its efforts even led to the publication of a warning by the US government. The group is also known for creating its own VPN in order to hide its attacks while targeting gas and oil sectors in the Middle East. One of its biggest attacks, known as the Shamoon attack, came in 2012 and targeted Saudi Aramco. Back then, hackers managed to delete data on almost all of the firm’s computers.

As for the malware, it was named ZeroCleare, and it has a lot of similarities to the Shamoon malware, hence the suspicion that APT33 is involved. According to IBM, the attacks are low-cost but also war-like, and they may result in disruption of critical services or serious damage to equipment.