A New Wiper Malware Was Behind Recent Cyberattack On Iranian Train System

A New Wiper Malware Was Behind Recent Cyberattack On Iranian Train System

A cyber attack that derailed websites of Iran's transport ministry and its national railway system earlier this month, causing widespread disruptions in train services, was the result of a never-before-seen reusable wiper malware called "Meteor."

The campaign — dubbed "MeteorExpress" — has not been linked to any previously identified threat group or to additional attacks, making it the first incident involving the deployment of this malware, according to researchers from Iranian antivirus firm Amn Pardaz and SentinelOne. Meteor is believed to have been in the works over the past three years.

"Despite a lack of specific indicators of compromise, we were able to recover most of the attack components," SentinelOne's Principal Threat Researcher, Juan Andres Guerrero-Saade, noted. "Behind this outlandish tale of stopped trains and glib trolls, we found the fingerprints of an unfamiliar attacker," adding the offensive is "designed to cripple the victim's systems, leaving no recourse to simple remediation via domain administration or recovery of shadow copies."

On July 9, the Iranian train system was left paralyzed in the wake of a major attack, with the hackers defacing electronic displays to instruct passengers to direct their complaints to the phone number of the Iranian Supreme Leader Ayatollah Ali Khamenei's office. The incident is said to have reportedly caused "unprecedented chaos" at stations with hundreds of trains dela ..

Support the originator by clicking the read the rest link below.