Hackers behind Iranian wiper attacks linked to Syrian breaches (August 2021)
Destructive attacks that targeted Iran's transport ministry and national train system were coordinated by a threat actor dubbed Indra, who previously deployed wiper malware on the networks of multiple Syrian organizations.
"The attacks on Iran were found to be tactically and technically similar to previous activity against multiple private companies in Syria which was carried at least since 2019," Check Point Research analysts who made the connection said.
As SentinelOne security researcher Juan Andres Guerrero-Saade observed in a report analyzing the Iranian attack published two weeks ago, the threat actor was able to remain undetected during the reconnaissance phase of their attack despite showing a general lack of skill.
Indra has previously shared its successful attacks on multiple social media platforms, including Twitter, Facebook, Telegram, and YouTube.
November 2020: Indra threatens to attack the Syrian Banias Oil refinery, though it is not clear whether the threat was carried out.
The hacking group chose not to take responsibility for last month's attacks against the Iranian Railways and the Ministry of Roads and Urban Development.