Iranian State Broadcaster Clobbered by ‘Clumsy, Buggy’ Code
Footage of opposition leaders calling for the assassination of Iran's Supreme Leader ran on several of the nation's state-run TV channels in late January after a state-sponsored cyber-attack on Iranian state broadcaster IRIB. The incident - one of a series of politically motivated attacks in Iran that have occurred in the last year - included the use of a wiper that potentially ties it to a previous high-profile attack on Iran's national transportation networks in July, according to researchers from Check Point Research.
Though the earlier attacks have been attributed to Iran state-sponsored actor Indra, researchers believe a copycat actor was behind the IRIB attack based on the malware and tools used in the attack, they said in a report published Friday.
The disruptive attack on IRIB occurred on Jan. 27, with attackers showing a savviness and knowledge of how to infiltrate systems that suggest it may also have been an inside job, researchers said.
While Iranian officials believe the Iranian opposition political party MEK is behind the attack, the group itself has denied involvement, researchers said.
At the same time, their reliance on IRIB insiders may have been the secret to the attackers' success, as the tools they used are of "relatively low quality and sophistication, and are launched by clumsy and sometimes buggy 3-line batch scripts," according to Check Point.
While researchers said they are still not sure how the attackers gained initial access to IRIB networks, they managed to retrieve and analyze malware related to the later stages of the attack that did three things: established backdoors and their persistence, launched the video or audio track playing the assassination message, and installed the wiper to disrupt operations in the hacked networks.
News URL
https://threatpost.com/iranian-state-broadcaster-clumsy-buggy-code/178524/