EvilPlayout: Attack Against Iran’s State Broadcaster - Check Point Research

February 18, 2022

In the past few months, a new wave of cyberattacks has been flooding Iran. These attacks are far from minor website defacements – the recent wave is hitting national infrastructure and causing major disruptions to public services.


This article provides an in-depth technical analysis of one of the attacks against the Iranian national media corporation, Islamic Republic of Iran Broadcasting (IRIB), which occurred in late January 2022.

  • On January 27, Iranian state broadcaster IRIB became the subject of a targeted cyberattack that resulted in several state-run TV channels broadcasting footage of opposition leaders and calling for the assassination of the supreme leader. The Check Point Research team investigated this attack and was able to retrieve the files and forensic evidence related to the incident from publicly available resources.

  • We found malicious executables whose purpose was to air the protest message. In addition, we discovered evidence that wiper malware was used. This indicates that the attackers’ aim was also to disrupt the state’s broadcasting networks, with the damage to the TV and radio networks possibly more serious than officially reported.

  • Among the tools used in the attack, we identified malware that takes screenshots of the victims’ screens, several custom-made backdoors, and related batch scripts and configuration files used to install and configure the malicious executables. We could not find any evidence that these tools were used previously, or attribute them to a specific threat actor.

  • In this article, we provide a technical analysis of the tools related to the attack, as well as the attackers’ tactics.


  • Cyberattacks Hit Iran


    In July 2021, an attack hit the Iranian national railway and cargo services, and caused “unprecedented disruptions” to the country ..
