Iran: Iranian state-sponsored hackers are believed to be operating a destructive new piece of malware that has been named ZeroCleare. ZeroCleare is currently targeting the “industrial and energy sectors” throughout the Middle East. It is currently believed that the malware is being operated by APT34 and at least one other Iranian group that has yet to be identified. ZeroCleare has a number of similarities to Iran’s Shamoon malware and is used to overwrite the Master Boot Record (MBR) and disk partitions on Windows-based systems. Like Shamoon ZeroCleare abuses EldoS RawDisk to target files and disks on targeted systems. ZeroCleare has different workflows depending on the system it is deployed on, using different methods depending on whether it is on a 32-bit or a 64-bit system.
By: Dan McNemar It is not a new concept that criminals use the Darknet to