Iran: Iranian state-sponsored hackers are believed to be operating a destructive new piece of malware that has been named ZeroCleare. ZeroCleare is currently targeting the “industrial and energy sectors” throughout the Middle East. It is currently believed that the malware is being operated by APT34 and at least one other Iranian group that has yet to be identified. ZeroCleare has a number of similarities to Iran’s Shamoon malware and is used to overwrite the Master Boot Record (MBR) and disk partitions on Windows-based systems. Like Shamoon, ZeroCleare abuses the EldoS RawDisk driver to write directly to files and disks on targeted systems. ZeroCleare uses a different workflow depending on whether it is deployed on a 32-bit or a 64-bit system.
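Because ZeroCleare, like Shamoon, wipes the MBR and partition table, one practical defensive check is to keep a baseline of the first sector of each disk and compare it against the live sector. The following is an added example, not code from the article or from any of the vendors it mentions: it parses a 512-byte MBR (boot code, four 16-byte partition entries, the 0x55AA boot signature), builds a constructed sample MBR with two NTFS partitions, and reports what changed when the sector is overwritten. The sample bytes, the `simulate_wipe` helper and the fill pattern are constructed for the demonstration and are not taken from ZeroCleare.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xaa"          # last two bytes of a valid MBR
PART_TABLE_OFFSET = 446               # four 16-byte entries follow the boot code
ENTRY_FMT = "<B3sB3sII"               # status, CHS start, type, CHS end, LBA start, sector count


def build_sample_mbr():
    """Constructed sample MBR (not a real disk image): stub boot code plus two NTFS partitions."""
    boot_code = b"\xeb\x3c\x90" + b"\x00" * (PART_TABLE_OFFSET - 3)   # jump stub, rest zeroed
    entries = b""
    # (status, type, lba_start, sectors): a bootable system partition and a data partition
    for status, ptype, start, size in ((0x80, 0x07, 2048, 1024000),
                                       (0x00, 0x07, 1026048, 20000000)):
        # CHS fields are left zeroed; modern loaders use the LBA fields
        entries += struct.pack(ENTRY_FMT, status, b"\x00" * 3, ptype, b"\x00" * 3, start, size)
    entries += b"\x00" * 16 * 2        # two unused entries
    return boot_code + entries + BOOT_SIGNATURE


def parse_mbr(sector):
    """Return the boot-signature status, the in-use partition entries and a hash of the boot code."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, _, ptype, _, start, size = struct.unpack(ENTRY_FMT, sector[off:off + 16])
        if ptype != 0:                 # type 0x00 marks an unused entry
            partitions.append({"index": i, "bootable": status == 0x80,
                               "type": ptype, "lba_start": start, "sectors": size})
    return {
        "signature_ok": sector[510:512] == BOOT_SIGNATURE,
        "partitions": partitions,
        "boot_code_sha256": hashlib.sha256(sector[:PART_TABLE_OFFSET]).hexdigest(),
    }


def check_mbr(baseline_sector, current_sector):
    """Compare a live MBR against a trusted baseline; returns a list of human-readable findings."""
    base, cur = parse_mbr(baseline_sector), parse_mbr(current_sector)
    findings = []
    if not cur["signature_ok"]:
        findings.append("boot signature 0x55AA missing")
    if cur["boot_code_sha256"] != base["boot_code_sha256"]:
        findings.append("boot code changed")
    if cur["partitions"] != base["partitions"]:
        findings.append("partition table changed: %d -> %d entries"
                        % (len(base["partitions"]), len(cur["partitions"])))
    return findings


def simulate_wipe(sector, fill=b"\x00"):
    """Constructed stand-in for a wiper overwriting the whole sector with a fill byte."""
    return fill * len(sector)


if __name__ == "__main__":
    baseline = build_sample_mbr()
    print("baseline:", parse_mbr(baseline))
    print("unchanged:", check_mbr(baseline, baseline))
    print("after wipe:", check_mbr(baseline, simulate_wipe(baseline)))
```

On a real host the baseline would be captured from the raw device (on Windows that means opening `\\.\PhysicalDrive0` with administrative rights and reading the first 512 bytes; this is an assumption about deployment, not something the article describes) and stored off-box, so that a wiper cannot tamper with both copies. The check is deliberately narrow: it detects MBR and partition-table destruction after the fact, and it does not see a wiper that overwrites file contents while leaving sector 0 intact.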
Using Microsoft Sentinel to Detect Confluence CVE-2022-26134 Exploitation
By Akshay Rohatgi and Randy Pargman

About this Student Research Project

Binary Defense’s mission is