An Interest In:
Web News this Week
- March 31, 2024
- March 30, 2024
- March 29, 2024
- March 28, 2024
- March 27, 2024
- March 26, 2024
- March 25, 2024
Some of Our Sources
- Slashdot
- BoingBoing
- TutsPlus - Code
- Abduzeedo
- Creative Curio
- Crazy Leaf Design
- CSS Globe
- Specky Boy
- Daily Now
- TechPowerUp
Help Webnuz
Referal links:
December 5, 2019 03:30 am
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/BpOq8wwx-VM/new-iranian-wiper-discovered-in-attacks-on-middle-eastern-companies
New Iranian Wiper Discovered In Attacks On Middle Eastern Companies
An anonymous reader quotes a report from Ars Technica: IBM X-Force, the company's security unit, has published a report of a new form of "wiper" malware connected to threat groups in Iran and used in a destructive attack against companies in the Middle East. The sample was discovered in a response to an attack on what an IBM spokesperson described as "a new environment in the [Middle East] -- not in Saudi Arabia, but another regional rival of Iran." Dubbed ZeroCleare, the malware is "a likely collaboration between Iranian state-sponsored groups," according to a report by IBM X-Force researchers. The attacks were targeted against specific organizations and used brute-force password attacks to gain access to network resources. The initial phase of the attacks was launched from Amsterdam IP addresses owned by a group tied to what IBM refers to as the "ITG13 Group" -- also known as "Oilrig" and APT34. Another Iranian threat group may have used the same addresses to access accounts prior to the wiper campaign. In addition to brute force attacks on network accounts, the attackers exploited a SharePoint vulnerability to drop web shells on a SharePoint server. These included China Chopper, Tunna, and another Active Server Pages-based webshell named "extensions.aspx," which "shared similarities with the ITG13 tool known as TWOFACE/SEASHARPEE," the IBM researchers reported. They also attempted to install TeamViewer remote access software and used a modified version of the Mimikatz credential-stealing tool -- obfuscated to hide its intent -- to steal more network credentials off the compromised servers. From there, they moved out across the network to spread the ZeroCleare malware. "While X-Force IRIS cannot attribute the activity observed during the destructive phase of the ZeroCleare campaign," the researchers noted, "we assess that high-level similarities with other Iranian threat actors, including the reliance on ASPX web shells and compromised VPN accounts, the link to ITG13 activity, and the attack aligning with Iranian objectives in the region, make it likely this attack was executed by one or more Iranian threat groups."Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/BpOq8wwx-VM/new-iranian-wiper-discovered-in-attacks-on-middle-eastern-companies
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot