Iranian hackers deploy new ZeroCleare data-wiping malware

IBM identifies new ZeroCleare destructive malware targeting energy companies active in the Middle East region.

Security researchers from IBM said today they identified a new strain of destructive data-wiping malware that was developed by Iranian state-sponsored hackers and deployed in cyber-attacks against energy companies active in the Middle East.

IBM did not name the companies that have been targeted and had data wiped in recent attacks.

Instead, IBM’s X-Force security team focused on analyzing the malware itself, which they named ZeroCleare.

IBM has published a 28-page PDF report on the tool’s capabilities. According to IBM, ZeroCleare closely resembles Shamoon, one of the most dangerous and destructive malware strains of the past decade. A summary of the report’s main findings follows below.

CREATED BY XHUNT AND APT34

Unlike many cyber-security firms, IBM’s X-Force team did not shy away from attributing the malware and the attacks to a specific country — in this case, Iran.

“Based on the analysis of the malware and the attackers’ behavior, we suspect Iran-based nation-state adversaries were involved to develop and deploy this new wiper,” the IBM security team said.

But unlike many previous cyber-attacks, which are usually carried out by a single group, IBM said this malware and the attacks behind it appear to be the result of a collaboration between two of Iran’s top-tier government-backed hacking units.

According to IBM, the ZeroCleare malware is the brainchild of xHunt (Hive0081 in the IBM report) and APT34 (ITG13 in the IBM report, also known as Oilrig).

THE ZEROCLEARE MALWARE

As for the malware itself, ZeroCleare is your classic “wiper,” a strain of malware designed to delete as much data as possible from an infected host.

Wiper malware is usually used in two scenarios. It’s either used to mask intrusions by deleting crucial forensic evidence or it’s used to damage a victim’s ability to carry out its normal business activity — as was the case of attacks like Shamoon, NotPetya, or Bad Rabbit.



Source: https://www.zdnet.com/article/iranian-hackers-deploy-new-zerocleare-data-wiping-malware/#ftag=RSSbaffb68