
Communications of the ACM

ACM News

Hackers Used Never-Before-Seen Wiper in Attack on Iranian Train System


Iranian flags.

Cybersecurity company SentinelOne found most of the attack was "orchestrated via a set of batch files nested alongside their respective components and chained together in successive execution."

Credit: Morteza Nikoubazi/Reuters

Researchers with cybersecurity company SentinelOne reconstructed the recent cyberattack on Iran's train system in a new report, uncovering a new threat actor -- which they named 'MeteorExpress' -- and a never-before-seen wiper.

On July 9, news outlets began reporting on a cyberattack targeting the Iranian train system, with hackers defacing display screens in train stations by asking passengers to call '64411', the phone number of Iranian Supreme Leader Khamenei's office. 

Train services were disrupted, and just one day later hackers took down the website of Iran's transport ministry. According to Reuters, the ministry's portal and sub-portal sites went down after the attack targeted computers at the Ministry of Roads and Urban Development.

In his examination, SentinelOne principal threat analyst Juan Andres Guerrero-Saade explained that the people behind the attack called the never-before-seen wiper 'Meteor' and developed it in the last three years.

From ZDNet