Iran Has Launched ‘Malicious’ New Malware That Wipes Windows Computers, Warns IBM
IBM found that the state-sponsored hacking group APT34 has deployed a new strain of malware aimed at the industrial and energy sectors in the Middle East. APT34 was responsible for a phishing attack using LinkedIn earlier this year, but IBM claims that the group is working with another group whose identity is currently unknown. Analysts have concluded that the use of wiper malware points towards the notorious threat actor group APT33, also sponsored by Iran. The IBM X-Force team calls the wiper malware “ZeroCleare” and stated that it bears similarity to the Shamoon malware. ZeroCleare overwrites the Master Boot Record on Windows machines, while Shamoon misuses EldoS RawDisk to attack machines. Both malware types attack disk partitions.