Iranian Trains Stopped by Wiper Malware

SentinelLabs reported that wiper malware was used to halt Iran's train services in a campaign named MeteorExpress. The attackers were found to use the Meteor wiper, a piece of malware seen here for the first time.

The researchers reported that on July 9 this malware was deployed to infect Iran's railway systems and immobilize them. A displayed message instructed viewers to complain by calling the phone number of the Iranian Supreme Leader's office.

Analysis of the attack showed that the attackers compromised group policy to infect the systems with CAB files. The malware's components were divided by function: Meteor encrypted the filesystem, nti[.]exe targeted the MBR, and mssetup[.]exe locked the system or the screen.

Some additional insights-

The researchers also found that the main payload delivered in the attack is a .exe dropper. The wiper was referred to as Meteor internally, a detail known only because of an OPSEC mistake. Not all components of the toolkit were used in the attack: its ability to change the password and user ID, create scheduled tasks, etc. was not utilized.

Bottom Line-

The attackers appear to have thorough knowledge of their target and to be fully capable of launching a successful attack. All these facts point towards a serious threat of cyber incidents.

By IEMA IEMLabs
