Novel Meteor Wiper Used in Attack that Crippled Iranian Train System
2021-07-30 15:21

An attack earlier this month on Iran's train system, which disrupted rail service and taunted Iran's leadership via hacked public transit display screens, used a never-before-seen wiper malware called Meteor that appears to have been designed for reuse, a security researcher has found.

The initial attack, dubbed MeteorExpress, occurred July 9, when "a wiper attack paralyzed the Iranian train system," according to a report by Juan Andres Guerrero-Saade at Sentinel Systems.

SentinelLabs researchers reconstructed most of the train-system attack chain and discovered the novel wiper, which the threat actors (who also appear to be a new set of adversaries still finding their attack rhythm) refer to as Meteor, Guerrero-Saade wrote.

Guerrero-Saade credited security researcher Anton Cherepanov with identifying an early analysis of the event, written in Farsi by an Iranian antivirus company, which helped researchers recreate the attack.

Attackers used batch files, nested alongside their respective components, in a chain to successfully execute the attack.

The wiper also includes much more functionality that was not used in the Iranian train attack, he noted.


News URL

https://threatpost.com/novel-meteor-wiper-used-in-attack-that-crippled-iranian-train-system/168262/