Security News > 2021 > August > Hackers behind Iranian wiper attacks linked to Syrian breaches
Destructive attacks that targeted Iran's transport ministry and national train system were coordinated by a threat actor dubbed Indra, who previously deployed wiper malware on the networks of multiple Syrian organizations.
"The attacks on Iran were found to be tactically and technically similar to previous activity against multiple private companies in Syria which was carried at least since 2019," Check Point Research analysts who made the connection said.
As SentinelOne security researcher Juan Andres Guerrero-Saade observed in a report analyzing the Iranian attack published two weeks ago, the threat actor was able to remain undetected during the reconnaissance phase of their attack despite showing a general lack of skill.
Indra has previously shared successful attacks on social media on multiple platforms, including Twitter, Facebook, Telegram, and Youtube.
November 2020: Indra threatens to attack the Syrian Banias Oil refinery, though it is not clear whether the threat was carried out.
The hacking group chose not to take responsibility for last month's attacks against the Iranian Railways and the Ministry of Roads and Urban Development.
News URL
Related news
- New ‘Rules File Backdoor’ Attack Lets Hackers Inject Malicious Code via AI Code Editors (source)
- TechRepublic EXCLUSIVE: New Ransomware Attacks are Getting More Personal as Hackers ‘Apply Psychological Pressure” (source)
- Hackers Repurpose RansomHub's EDRKillShifter in Medusa, BianLian, and Play Attacks (source)
- Chinese FamousSparrow hackers deploy upgraded malware in attacks (source)
- North Korean hackers adopt ClickFix attacks to target crypto firms (source)
- Microsoft Credits EncryptHub, Hacker Behind 618+ Breaches, for Disclosing Windows Flaws (source)
- Russian hackers attack Western military mission using malicious drive (source)
- Hackers Abuse Russian Bulletproof Host Proton66 for Global Attacks and Malware Delivery (source)
- Hackers abuse Zoom remote control feature for crypto-theft attacks (source)
- DPRK Hackers Steal $137M from TRON Users in Single-Day Phishing Attack (source)