Iran: A new wiper malware named Dustman has reportedly been linked to Iran, based on similarities it shares with the earlier Iranian malware ZeroCleare and the original Shamoon wiper. The link rests on a common component, EldoS RawDisk, a legitimate software toolkit for interacting with files, disks, and partitions. Dustman was recently seen in an attack against Bahrain’s national oil company, Bapco. The attack began on December 29, 2019, through one of Bapco’s VPN servers, where the attackers exploited an unpatched vulnerability. The malware affected only a portion of the company’s network, and the company remained operational throughout the attack. A report from Saudi Arabia CNA outlined the malware and explained that a series of small mistakes kept it from being fully effective, which is why only a small portion of Bapco’s systems could be infected.