filmov
tv
ZeroCleare Malware by IRAN Hackers
Показать описание
Researchers discovered a new wave of destructive attack by the Iranian hacker group using disk-wiping malware “ZeroCleare” to wipe the MBR and damage disk partitions on a large number of networked devices.
ZeroCleare malware attacks various industries such as energy and industrial sectors mainly in the Middle East, and malware believed to be developed and deployed by Iran-based nation-state hackers group.
Researchers find evidence that the ZeroCleare malware has similarities of another disk wiping Shamoon malware, that performing the destructive attack using an image of a burning US Dollar, which we have reported back in 2018.
ZeroCleare mainly targeting to overwrite the Master Boot Record (MBR) and disk partitions on Windows-based machines.
Similar to the Shamoon Malware, ZeroCleare employed EldoS RawDisk, a legitimate toolkit for interacting with files, disks, and partitions with malicious intent to wipe the MBR and damaged disk partitions.
To bypass the Windows control, threat actors using vulnerable driver and malicious PowerShell/Batch scripts along with ‘living off the land’ to expand the target and spread to various devices in the network.
The Middle East is more frequently fall this kind of destructive attacks on the energy and industrial sectors and its not limited, cybercriminals targeting the economy of rival countries.
Researchers believe that ” When these attacks are carried out by nation-state adversaries, they often have military objectives that can include accessing systems to deny access to, degrade, disrupt, deceive, or destroy the device/data.”
ZeroCleare Malware Infection Flaw
When looking that files employed by the malware, ZeroCleare comes in two versions, but only one worked. one for each Windows architecture (32-bit and 64-bit), The 32-bit version was supposed to function by installing the EldoS RawDisk driver.
Researchers observed various following malicious files arsenal that used infect devices with ZeroCleare malware and expanded through compromised networks.
ZeroCleare
In this file list, PowerShell and batch scripts are employed to spread and execute the ZeroCleare malware across the domain.
ZeroCleare
Infection Flaw
ZeroCleare malware attacks various industries such as energy and industrial sectors mainly in the Middle East, and malware believed to be developed and deployed by Iran-based nation-state hackers group.
Researchers find evidence that the ZeroCleare malware has similarities of another disk wiping Shamoon malware, that performing the destructive attack using an image of a burning US Dollar, which we have reported back in 2018.
ZeroCleare mainly targeting to overwrite the Master Boot Record (MBR) and disk partitions on Windows-based machines.
Similar to the Shamoon Malware, ZeroCleare employed EldoS RawDisk, a legitimate toolkit for interacting with files, disks, and partitions with malicious intent to wipe the MBR and damaged disk partitions.
To bypass the Windows control, threat actors using vulnerable driver and malicious PowerShell/Batch scripts along with ‘living off the land’ to expand the target and spread to various devices in the network.
The Middle East is more frequently fall this kind of destructive attacks on the energy and industrial sectors and its not limited, cybercriminals targeting the economy of rival countries.
Researchers believe that ” When these attacks are carried out by nation-state adversaries, they often have military objectives that can include accessing systems to deny access to, degrade, disrupt, deceive, or destroy the device/data.”
ZeroCleare Malware Infection Flaw
When looking that files employed by the malware, ZeroCleare comes in two versions, but only one worked. one for each Windows architecture (32-bit and 64-bit), The 32-bit version was supposed to function by installing the EldoS RawDisk driver.
Researchers observed various following malicious files arsenal that used infect devices with ZeroCleare malware and expanded through compromised networks.
ZeroCleare
In this file list, PowerShell and batch scripts are employed to spread and execute the ZeroCleare malware across the domain.
ZeroCleare
Infection Flaw
ZeroCleare Malware by IRAN Hackers
0:01:05
Iranian hackers target corporate VPN servers
0:20:52
New Destructive Iranian Cyberattack - 'Dustman'
0:01:17
Iran-backed Hackers target VPN servers - TomoNews
0:02:05
A 2-miinute Briefing, Iranian-Backed Agrius APT Group Cyber Attack On Diamond Industry..
0:02:03
Malware This week 2019 December #GAMAREDON #TRICKBOT #ZEROCLEARE
0:06:42
The Iran Cyber Threat: What You Need To Know
0:20:22
Lazarus Group interested in thorium reactors? Disinformation by phishing. ZeroCleare wiper in...
0:03:15
ZeroCleare
0:11:43
Oracle, Python Dagger, Morgan Stanley Pays $35M & Iran Cyber Activity detailed
1:02:42
Cyber Operations Other Than War - Joe Slowik
Комментарии