Novel Meteor Wiper Used in Attack that Crippled Iranian Train System
#1
Information 
Quote:An attack earlier this month on Iran’s train system, which disrupted rail service and taunted Iran’s leadership via hacked public transit display screens, used a never-before-seen wiper malware called Meteor that appears to have been design for reuse, a security researcher has found.
 
The initial attack, dubbed MeteorExpress, occurred July 9, when “a wiper attack paralyzed the Iranian train system,” according to a report by Juan Andres Guerrero-Saade at Sentinel Systems.

That attack disrupted service and directed customers via all of the displays and message boards at the train station to call “64411”–the number for the office of Supreme Leader Ali Khamenei—for more information.
 
The next day, attackers also hit the website and computer systems of the staff of Iran’s the Ministry of Roads and Urban Development, according to a published report.
 
SentinelLabs researchers reconstructed most of the attack chain in the train-system and discovered the novel wiper, which the threat actors—who also appear to be a new set of adversaries still finding their attack rhythm–refer to as Meteor, Guerrero-Saade wrote.
 
Guerrero-Saade credited security researcher Anton Cherepanov with identifying an early analysis of the event written in Farsi by an Iranian antivirus company as helping researchers recreate the attack.

What they discovered is that “behind this outlandish tale of stopped trains and glib trolls” are “the fingerprints of an unfamiliar attacker,” using a wiper that “was developed in the past three years and was designed for reuse,” Guerrero-Saade wrote.

Read more: Novel Meteor Wiper Used in Attack that Crippled Iranian Train System | Threatpost
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:





[-]
Recent Posts
QOwnNotes 19.1.6
24.12.4 The wel...Kool — 12:56
INTEL Arc Graphics 32.0.101.6325/6253 dr...
Highlights Fix...harlan4096 — 11:06
GFYI [Official] Revo Uninstaller Pro v5...
"Share feedback...damien76 — 09:01
GFYI [Official] SpyShelter PRO v15 Chri...
Merry Christmas and ...damien76 — 08:56
GFYI [Official] IObit Christmas 2024 Bl...
Merry Christmas and ...damien76 — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>