Iranian-backed hackers launched 'malicious' malware targeting Middle East energy companies
Researchers at IBM say Iranian state-backed hackers have developed a new strain of malware comparable to one of the most destructive computer viruses of the last two decades.
Iranian state-sponsored hackers have launched new destructive malware capable of wiping data from computers running the Windows operating system, security researchers from IBM said on Wednesday.
The hackers have used the new strain of malware - named ZeroCleare - to target energy companies operating in the Middle East, according to the researchers.
In a 28-page report, IBM's X-Force researchers liken the malware to Shamoon - a dangerous strain of malware that emerged in 2012 as hackers targeted Saudi state oil firm Aramco.
"ZeroCleare attacks are not opportunistic and appear to be targeted operations against specific organisations," IBM's X-Force said in an article published by Security Intelligence.
"X-Force IRIS assesses that the ITG13 threat group, also known as APT34/OilRig, and at least one other group, likely based out of Iran, collaborated on the destructive portion of the ZeroCleare attack."
Significantly, the researchers added that the attacks appeared to be the joint work of two of Iran's top-tier government-backed hacking units.
Iran is thought to have been behind the spread of the Shamoon virus in 2012, which hit Saudi Aramco and Qatari natural gas producer RasGas.
The virus deleted hard drives and then displayed a picture of a burning American flag on computer screens.
Saudi Aramco ultimately shut down its network and destroyed over 30,000 computers.
Another version of the virus struck Saudi government computers in late 2016, this time displaying a photograph of the body of three-year-old Syrian boy Aylan Kurdi, who drowned fleeing his country's civil war.