Tensions may be getting worse between the United States and Iran; however, a reported malware attack from last month shows that the U.S. isn’t the only country dealing with Iran right now.
Authorities in Saudi Arabia reportedly discovered a new variant of a wiper malware called "Dustman." Wipers are a type of malware that deletes all the data on a computer/server/network. Saudi officials believe this cyberattack is connected to Iranian hackers.
From Lobbing Missiles to Cyber Warfare
The attackers deployed the malware against a target that, while originally unnamed, was recently announced to be the national Bahraini oil company Bapco. The attack was a rush job, however, and the hackers ended up leaving behind some clues on the target network, according to a technical report from the National Cybersecurity Authority of Saudi Arabia.
The advisory doesn’t name a specific culprit, but Saudi officials did suggest that the attack was the work of state-sponsored threat actors. Those familiar with the situation believe that the attack was similar to previous hacking jobs performed by Iranian hackers. The advisory is the latest sign that Iranian hackers are using malware – in particular, wiper malware – to disrupt organizations across the Middle East.
One Middle East-based cybersecurity analyst, who refused to be named because of how sensitive the issue and situation are, said that the attack was “in line with the previous activities we saw from groups attributed to Iran. Yet the damage has been limited compared to previous years due to NCA’s heavy involvement with the target at early stages.”
US Government Officials Warn of Retaliatory Cyberattacks
The memo came to light in the wake of the U.S. killing Qassem Soleimani – the most powerful general in Iran – on January 3rd. Iran responded by striking a military base that housed American forces. With the potential for the conflict to get worse, American officials and security experts warn of potential cyberattacks from Iran. They warn it is possible for Iran to carry out more data-wiping attacks like this. They also warn of the potential for cyber-espionage.
There’s also the potential for Iran to target U.S. allies such as Saudi Arabia. An attack from 2012 that took out thousands of computers at Saudi Aramco was performed with the Shamoon wiper malware. This malware is believed to have originated from Iran.
The attack from last month only serves to show that the Iranian cyber threat hasn’t gone anywhere – and likely won’t go anywhere for some time.