Yet another Sunday, yet another attack in Middle East.
Maher Center, the Iranian Computer Emergency Response Team / Coordination Center has just released a scant report concerning another (alleged) cyber attack targeting Iran.
Few information is available so far regarding this new targeted attack. The malware, simple in design and hence apparently unrelated to the other sophisticated cyber attacks targeting the same area, seems to have an efficient design and wiping features. According to the statement, the malware “wipes files on different drives in various predefined times. Despite its simplicity in design, the malware is efficient and can wipe disk partitions and user profile directories without being recognized by anti-virus software“. However, it is not considered to be widely distributed. The report also publishes the MD5s of the five identitified components.
Wiper malware samples are becoming increasingly common in Middle East. Of course the most known example so far is the massive cyber attack targeting Saudi Aramco, occurred in August 2012 and targeting 30,000 internal workstations. Few days ago, the final results of the investigations were unveiled, suggesting that the attack was carried on by organized foreign hackers, and aimed “to stop pumping oil and gas to domestic and international markets” with huge impacts on the national economy of the kingdom.
The next hours will tell us if we are in front of a similar scenario, or the statement is rather an attempt of propaganda aimed to emphasize Iranian defensive capabilities.