
New Iranian Wiper Discovered In Attacks On Middle Eastern Companies (arstechnica.com) 37

An anonymous reader quotes a report from Ars Technica: IBM X-Force, the company's security unit, has published a report of a new form of "wiper" malware connected to threat groups in Iran and used in a destructive attack against companies in the Middle East. The sample was discovered in a response to an attack on what an IBM spokesperson described as "a new environment in the [Middle East] -- not in Saudi Arabia, but another regional rival of Iran." Dubbed ZeroCleare, the malware is "a likely collaboration between Iranian state-sponsored groups," according to a report by IBM X-Force researchers. The attacks were targeted against specific organizations and used brute-force password attacks to gain access to network resources. The initial phase of the attacks was launched from Amsterdam IP addresses owned by a group tied to what IBM refers to as the "ITG13 Group" -- also known as "Oilrig" and APT34. Another Iranian threat group may have used the same addresses to access accounts prior to the wiper campaign.

In addition to brute force attacks on network accounts, the attackers exploited a SharePoint vulnerability to drop web shells on a SharePoint server. These included China Chopper, Tunna, and another Active Server Pages-based webshell named "extensions.aspx," which "shared similarities with the ITG13 tool known as TWOFACE/SEASHARPEE," the IBM researchers reported. They also attempted to install TeamViewer remote access software and used a modified version of the Mimikatz credential-stealing tool -- obfuscated to hide its intent -- to steal more network credentials off the compromised servers. From there, they moved out across the network to spread the ZeroCleare malware.
"While X-Force IRIS cannot attribute the activity observed during the destructive phase of the ZeroCleare campaign," the researchers noted, "we assess that high-level similarities with other Iranian threat actors, including the reliance on ASPX web shells and compromised VPN accounts, the link to ITG13 activity, and the attack aligning with Iranian objectives in the region, make it likely this attack was executed by one or more Iranian threat groups."
  • Or bad? Not sure who I should be cheering for. The "threat group" or IBM or the unnamed Middle Eastern companies. Let me know.

  • by rsilvergun ( 571051 ) on Thursday December 05, 2019 @12:08AM (#59486532)
    We're being railroaded into another war [youtube.com]
    • Because yeah we haven't been seeing stories just like this about how so n so is an enemy since before the founding of the country and this has never happened before in any other country, ever, until now. Welcome to the human condition. We have always been at war with Eurasia.
    • by quenda ( 644621 )

      For all Trump's many, many faults, he is not a war hawk.
      And Iran is far too powerful to be invaded. Though a lesser military confrontation cannot be ruled out.
      Trump is often described as unpredictable, but he has mostly stuck to all the stupid things he said when campaigning. Still trying to get that wall built.

      • Iraq had a bigger and better equipped army in 1990, and the US military is significantly more powerful now than it was then.

        Iran is not "too powerful" to invade. It's not even "too powerful" to successfully invade.
        Iran has far too strong a national identity for an outsider to successfully conquer or rule it.

        A 1990/Desert Storm style conflict would be easy. A 2003-style attempt to occupy the country would make Iraq's occupation look clean and simple.

        • Iraq had a bigger and better equipped army in 1990, and the US military is significantly more powerful now than it was then.

          Iran is not "too powerful" to invade. It's not even "too powerful" to successfully invade.

          That's wrong in so many ways it's quite impressive.

          The Iraqi army was admittedly far bigger in 1990 than the Iranian army is today. But it was worse equipped, trained, and motivated. Note that in the Iraq-Iran War just before the First Gulf War - in which the USA openly assisted and advised Iraq - Iran prevented the Iraqi armed forces from invading its territory, and the war ended more or less in a draw. Since then Iran's armed forces have become far more effective and better equipped.

          The US armed forces are actually significantly less powerful and effective today than in 1990. (See Andrei Martyanov, more or less passim, among others).

          Iran is too dangerous an enemy for the USA to attack, even from a distance. For instance, its cruise missiles have greater range than any American ones.

          http://thesaker.is/war-gaming-... [thesaker.is]
          http://thesaker.is/attack-on-i... [thesaker.is]
          http://johnhelmer.net/blitz-wo... [johnhelmer.net]
          https://news.rambler.ru/middle... [rambler.ru] (Russian - Google Translate is your friend).

          As for invasion - when did you last look at a map of Iran? ("War is God's way of teaching Americans geography". - Ambrose Bierce).

          To start with, all US and allied bases within about 2,000 km of Iranian territory stand to be deluged with cruise missiles and drones. That will degrade or entirely destroy their ability to launch or land aircraft. It goes on from there. Any US ships within about 1,500 km (or more) will simply be sunk.

          Now, as for this invasion of Iran - from where will it come? Trying to cross the Gulf in face of some of the world's most powerful defences is not a plan - it's suicide.

          Iraq? Afghanistan? Pakistan? Turkmenistan? Even the chairbound brass running the Pentagon would turn into shivering blancmange at the thought of trying to base at least 250,000 US troops in any of those countries. Immense fuel, ammunition and supply dumps. Yum! Vast convoys carrying personnel and supplies... Double Yum! Trying to launch a modern combined-forces attack through hundreds of miles of difficult terrain haunted by thousands of guerillas armed with the latest weapons, and able to call in devastating strikes... and all with no air cover. Just stand in front of the Pentagon and yell "No air cover!" The building itself would melt with fear.

          Lastly, of course, Iran qualifies as an ally of Russia. Which means Russia (and possibly China, and Pakistan) would defend it. Go thermonuclear, fried homeland.

      • he wasn't expecting to win, and once he's out of office the flood gates are open to every two bit Attorney General lookin' to make a name for himself by putting Trump behind bars. Hell, forget behind bars, imagine just being able to cross examine a former president. Imagine what that would do for your career in a Blue State.

        So like a cornered rat he'll do whatever it takes to stay in power. The only reason we're not already at war with Iran is that so far the people have shot it down. No less personage
        • by quenda ( 644621 )

          No less personage than Ben Shapiro tried to war monger Iran and he got showed down by his audience.

          Really. Well, Shapiro is a smart guy, and appeals to a more educated audience than the typical Trump voter. (not saying Trump voters are idiots, but the Iran issue is complex)

          Sadly, Shapiro lets religion pervert his thinking, and comes to nonsensical conclusions. Osama bin Laden was a smart guy too. Religion is bad ... m'kay.

      • For all Trump's many, many faults, he is not a war hawk.

        It's a rather frightening commentary on the US government that a president can be thus described who has ordered the massive bombardment of a nation with which the USA has never been at war, not once but twice, purely because of baseless rumours that upset his family.

    • "White people make good countries" With the African resources, we the reason white are rich. African countries have what it takes to be great only but we still stand one place with bad leadership. Tech Slips World [techslips.com]
    • I seriously doubt the US would get involved in anything militarily with the Iranians without severe provocation -- like an easily provable military attack on US flagged shipping or some other major and high profile conflict.

      Iran is one of the most difficult countries to invade thanks to geography and population, and it would take a major war effort to fight the Iranians.

      Half-measures like air strikes will only cause the Iranians to escalate civilian terrorism, or worse, since we don't really know what kind o

    • by Anonymous Coward

      Astute observation.
      This story, together with similarly worded ones appearing recently, seems to fit the pattern from the textbook for rallying public opinion behind an unpopular agenda item. It's not as if it is a secret that IBM is a morally corrupt company, and the current CEO is happy to do whatever evil, as long as she gets something out of it personally.

      "Rometty said she, Trump and Homeland Security Secretary John Kelly talked about ways that advanced technology could address national security imperatives

  • .aspx exploit 'nough said. Active server pages are at best kludged together POS .net garbage. I cringe when I see .gov sites that are still serving up dll garbage from the XP IE6 era. Then again, if everyone ditched the old coded .net and .aspx garbage then IBM would most likely go out of business because keeping old .net garbage up and working on the net is the only way they make any money these days.
  • I am sure they are of good quality, but I'll just stick to rain-x for now. Highly recommended, by the way. Avoids a lot of the problems you may normally encounter with wipers, doesn't streak and lasts at least a couple of years .. even though it rains most of the winters and spring around here. The other thing is they are quite affordable and easy to swap out.

  • You mean like... with a dustcloth?

  • False flag? (Score:3, Interesting)

    by ghoul ( 157158 ) on Thursday December 05, 2019 @02:38AM (#59486700)

    After WMD how do we know this is not a false flag to justify war? US is going to be guilty until proven innocent for at least the next 50 yrs in international relations

    • Re:False flag? (Score:4, Insightful)

      by ShanghaiBill ( 739463 ) on Thursday December 05, 2019 @04:20AM (#59486846)

      After WMD how do we know this is not a false flag to justify war?

      Because it doesn't justify war even if true.

      I have a son nearing military age. I am not keen on the idea of him being sent to fight and die in a war over weak server security at an unidentified corporation in an unnamed Middle Eastern country.

      If anything, I feel grateful that Iran is providing these companies with free pen-testing.

      • by AmiMoJo ( 196126 )

        Current thinking is that cyber attacks should be treated like conventional warfare attacks. If a cyber attack destroys some facility then it should be treated the same as if a bomb destroyed it.

        There are moves to formalize this in international law by several countries. It looks like that's how they want to handle it and even today could likely argue that point at the UN or in an international court if it came to it.

        Of course the biggest problem is determining who is behind the attacks. Sometimes this malwa

        • if a cyber attack destroys a facility the IT staff should be fired, that's all. The problem is on them.

          • by AmiMoJo ( 196126 )

            Right, fire the anti-aircraft crews, fire the radar operators, fire the secretary of defence, just fire everyone because that cruise missile got through. It's clearly their fault, no need to think more deeply about it.

            • Not the same thing, retard

              Preventable IT issues are different, including use of Microsoft Sharepoint which is a known weak and inferior platform.

      • Not according to Admin Schiff - it's Pearl Harbor baby!
    • Why would that be a false flag? Do you expect there to be no Iranian malware at all? Should all malware be ours?
      The standard practice of deception and partisan attitude is in
      - making a big story about a possible Iranian piece of malware while if you keep it in proportion it is not worth mentioning,
      - making claims about detected malware, claims which on closer inspection are false or just speculation
      A false flag is making actual malware to look Iranian. False flag operations are rarely needed if it is much

    • A nice company called Reynolds Wrap makes a solution for your problem. Apply it to your head daily and these pesky conspiracy theories will go away. You still holding out on Obama's birth certificate and WTC building 7?

  • Use Windows and you're a loser in more ways than one. You have been warned.

  • No wonder that they're taking cyber warfare more seriously now.
