A freshly discovered wiper malware dubbed “ZeroCleare” has been deployed against the energy and industrial sectors in the Middle East. According to IBM’s X-Force Incident Response and Intelligence Services (IRIS), ZeroCleare (so named because of the program database pathname of its binary file) was involved in a recently spotted APT attack in which it compromised a Windows machine via a vulnerable driver. ZeroCleare then pivoted to spread to other devices on the network, setting up the groundwork for a potentially catastrophic attack.

IRIS analysis showed that ZeroCleare shares certain characteristics with the infamous Shamoon malware: it overwrites the master boot record (MBR) and disk partitions on Windows-based machines using a legitimate utility, which renders infected machines inoperable.

“As Shamoon did before it, the tool of choice in the attacks is EldoS RawDisk, a legitimate toolkit for interacting with files, disks and partitions,” according to an analysis posted on Wednesday. “Nation-state groups and cybercriminals frequently use legitimate tools in ways that a vendor did not intend to accomplish malicious or destructive activity.”

The vulnerable driver was used to bypass the Windows safeguard that prevents unsigned drivers from running on 64-bit machines, a control designed to allow only drivers signed by Microsoft to load on the device. “Since ZeroCleare relies on the EldoS RawDisk driver, which is not a…
Source: govanguard, 2019-12-04, “Iran Targets Mideast Oil with ZeroCleare Wiper Malware”.
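The point the report makes, that a legitimately signed third-party driver can be loaded to get past driver signature enforcement and then abused to write raw disk sectors, is best answered on the defender side with a driver inventory. The following PowerShell is an added example, not code from the article or from IBM X-Force: it enumerates running kernel drivers, checks each file’s Authenticode signature, and flags those that are unsigned, not signed by Microsoft, or whose file name is on a caller-supplied watch list. The `-SuspectNames` parameter is a placeholder for driver file names an analyst wants to surface (the article names the EldoS RawDisk toolkit but not a driver file name, so none is hard-coded here); the script assumes it runs elevated on the host being checked.

```powershell
# Added example (not from the article or IBM X-Force): inventory running kernel
# drivers and flag the ones a responder would want to look at first.
# Assumptions: run as Administrator; -SuspectNames is a placeholder list of driver
# file names (e.g. a known abused third-party driver) supplied by the caller.
function Get-DriverSignatureReport {
    param(
        [string[]]$SuspectNames = @()
    )

    $drivers = Get-CimInstance -ClassName Win32_SystemDriver |
        Where-Object { $_.State -eq 'Running' -and $_.PathName }

    foreach ($d in $drivers) {
        # PathName may carry a \??\ or \SystemRoot\ prefix; normalise to a file path
        $path = $d.PathName -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', "$env:SystemRoot\"
        if (-not (Test-Path -LiteralPath $path)) { continue }

        $sig    = Get-AuthenticodeSignature -FilePath $path
        $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
        $leaf   = Split-Path -Path $path -Leaf

        # Flag: invalid/missing signature, non-Microsoft signer, or on the watch list
        $flag = ($sig.Status -ne 'Valid') -or
                ($signer -notmatch 'Microsoft') -or
                ($SuspectNames -contains $leaf)

        [pscustomobject]@{
            Name   = $d.Name
            Path   = $path
            Status = $sig.Status
            Signer = $signer
            Flag   = $flag
        }
    }
}

# Usage: show only the flagged drivers
Get-DriverSignatureReport | Where-Object { $_.Flag } | Format-Table -AutoSize
```

Two caveats follow directly from the report. A “Valid” signature is not a clean bill of health: the driver abused here is legitimately signed, so the watch-list match matters as much as the signature check, and the output is a triage list rather than a verdict. Second, vendor-signed drivers are common on real hosts, so expect the non-Microsoft filter to be noisy; the useful signal is a driver that is new, unexpected for the machine’s role, or known to expose raw disk access.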