Wiper Malware Used in Attack Against Iranian Railway

This article has been indexed from E Hacking News – Latest Hacker News and IT Security News

 

The cyber-attack that crippled Iran’s national railway system at the beginning of the month was caused by a disk-wiping malware strain called Meteor, not by ransomware, according to research published by security firms Amnpardaz and SentinelOne.
According to Reuters, the attack disrupted train services and took the transport ministry’s website offline. But the assault wasn’t simply meant to cause havoc. The attackers also put a phone number on the displays at train stations for travelers to contact for further information about the difficulties.
According to Juan Andres Guerrero-Saade, Principal Threat Researcher at SentinelOne, this is the first time this malware has been used, and Meteor has yet to be linked to a previously identified group.
Meteor malware: A part of a well-planned attack
The Meteor wiper was one of three components of a broader malware arsenal placed on the Iranian railway’s computer systems on July 9, according to the firm’s research.
The attacks, which SentinelOne tracked under the codename MeteorExpress and which led to trains being canceled or delayed across Iran, involved:
1. Meteor – malware that wiped the infected computer’s filesystem.
2. A file named mssetup.exe that played the role of an old-school screen locker to lock the user out of their PC.
3. And a file named nti.ex

[…]