
Iran Has Launched ‘Malicious’ New Malware That Wipes Windows Computers, Warns IBM

IBM found that the Iranian state-sponsored hacking group APT34 has deployed a new strain of destructive malware aimed at the industrial and energy sectors in the Middle East. APT34 was responsible for a phishing campaign that used LinkedIn earlier this year, and IBM assesses that it is working with a second group whose identity is not yet confirmed. Analysts concluded that the use of wiper malware points towards APT33, another Iran-sponsored threat actor. The IBM X-Force team calls the wiper “ZeroCleare” and stated that it bears similarity to the Shamoon malware: both abuse the legitimate EldoS RawDisk driver to get raw access to the disk, and both overwrite the Master Boot Record and disk partitions on Windows machines.

Because the malware used RawDisk to destroy disk partitions across networked machines, an attack of this kind could leave thousands of devices unbootable and take months to recover from. Iranian hacking groups have recently exhibited a sophisticated set of cyberweapons that target strategic industries, and while US entities are also in the crosshairs, the Middle East is often an easier target. IBM noted that such attacks are low-cost and hard to attribute, giving the actor a deniable means of conducting “warlike” activity that can damage highly specialized equipment and disrupt critical services.
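To make the “overwrites the Master Boot Record” point concrete, the following is an added example (not IBM’s code and not the wiper itself) that parses a 512-byte boot sector and classifies it as intact, zeroed, or corrupted. It shows exactly what a wiper with raw disk access destroys: the 0x55AA boot signature at offset 510 and the four 16-byte partition entries at offset 446. The sample sectors are constructed for illustration; the partition values and boot-code bytes are assumptions, not data from any real incident.

```python
"""Classify a 512-byte boot sector as an intact MBR or a wiped one.

Added example for this brief. It is not IBM X-Force code and does not
reproduce ZeroCleare; it only models the on-disk structure that an MBR
wiper overwrites. All sample sectors below are constructed.
"""
import struct

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 446  # four 16-byte entries end at offset 510
BOOT_SIGNATURE = b"\x55\xaa"  # little-endian 0xAA55 at offset 510


def parse_partition_entry(entry: bytes) -> dict:
    """Decode one 16-byte MBR partition entry (status, CHS, type, CHS, LBA, size)."""
    status, _chs_start, ptype, _chs_end, lba_start, sectors = struct.unpack(
        "<B3sB3sII", entry
    )
    return {
        "bootable": status == 0x80,
        "type": ptype,
        "lba_start": lba_start,
        "sectors": sectors,
    }


def parse_mbr(sector: bytes) -> dict:
    """Return the boot signature check and the non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected a 512-byte sector")
    signature_ok = sector[510:512] == BOOT_SIGNATURE
    table = sector[PARTITION_TABLE_OFFSET:PARTITION_TABLE_OFFSET + 64]
    entries = [parse_partition_entry(table[i:i + 16]) for i in range(0, 64, 16)]
    partitions = [e for e in entries if e["type"] != 0 and e["sectors"] != 0]
    return {
        "signature_ok": signature_ok,
        "partitions": partitions,
        # Real boot code is never all zeros; a blank region is a wiper indicator.
        "bootcode_blank": not any(sector[:PARTITION_TABLE_OFFSET]),
    }


def classify_mbr(sector: bytes) -> str:
    """'intact' if signature and a partition survive, 'zeroed' if all bytes
    are zero, otherwise 'corrupted' (signature or table destroyed)."""
    info = parse_mbr(sector)
    if info["signature_ok"] and info["partitions"]:
        return "intact"
    if not any(sector):
        return "zeroed"
    return "corrupted"


def build_sample_mbr() -> bytes:
    """Construct a plausible MBR: one bootable NTFS partition starting at LBA 2048.
    Values are assumptions chosen for the example, not captured from a host."""
    sector = bytearray(SECTOR_SIZE)
    sector[0:3] = b"\x33\xc0\x8e"  # placeholder for real boot code (constructed)
    entry = struct.pack(
        "<B3sB3sII",
        0x80,              # active/bootable flag
        b"\x20\x21\x00",   # CHS start (ignored on modern systems)
        0x07,              # partition type: NTFS/exFAT
        b"\xfe\xff\xff",   # CHS end
        2048,              # starting LBA
        1048576,           # size in sectors (512 MiB)
    )
    sector[PARTITION_TABLE_OFFSET:PARTITION_TABLE_OFFSET + 16] = entry
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


SAMPLE_INTACT = build_sample_mbr()
SAMPLE_ZEROED = bytes(SECTOR_SIZE)          # what a zero-fill wiper leaves
SAMPLE_GARBAGE = b"\xff" * SECTOR_SIZE      # overwritten with non-zero filler

if __name__ == "__main__":
    for name, sec in (("intact", SAMPLE_INTACT), ("zeroed", SAMPLE_ZEROED),
                      ("garbage", SAMPLE_GARBAGE)):
        print(name, "->", classify_mbr(sec), parse_mbr(sec)["partitions"])
```

On a live investigation the same check applies to the first 512 bytes of a disk image (for example `open("disk.img", "rb").read(512)`); a zeroed or corrupted result on a machine that previously booted is consistent with an MBR wiper, though a GPT disk's protective MBR will show a single type 0xEE entry rather than real partitions.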

Read More: Iran Has Launched ‘Malicious’ New Malware That Wipes Windows Computers, Warns IBM

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.