Iran: Iranian state-sponsored hackers are believed to be operating a destructive new piece of malware that has been named ZeroCleare. ZeroCleare is currently targeting the “industrial and energy sectors” throughout the Middle East. It is currently believed that the malware is being operated by APT34 and at least one other Iranian group that has yet to be identified. ZeroCleare has a number of similarities to Iran’s Shamoon malware and is used to overwrite the Master Boot Record (MBR) and disk partitions on Windows-based systems. Like Shamoon ZeroCleare abuses EldoS RawDisk to target files and disks on targeted systems. ZeroCleare has different workflows depending on the system it is deployed on, using different methods depending on whether it is on a 32-bit or a 64-bit system.
Watch the Video
How does Binary Defense help protect your organization? With best in breed cybersecurity tactics, techniques, and services, we make sure that your environment is secure against the most advanced attacks.