Iranian wiper malware, ImageQuest

An Iran-based hacking group has been deploying a new “wiper” malware that destroys computer systems and the data housed on them.

While the U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned of Iranian wiper malware last June, IBM researchers announced last month that a new version of wiper malware attributed to an Iranian hacker group was making the rounds. Dubbed “ZeroCleare,” this malware spreads throughout a system and overwrites the Master Boot Record, a crucial element of a computer operating system.

In its warning last June, CISA noted that wiper attacks from “Iranian regime actors and proxies” enter an organization through “spear phishing, password spraying, and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network.”

Cybersecurity reports say the wiper malware so far has been used to attack Middle Eastern energy firms and industries. Security experts fear this could presage attacks in the U.S., particularly sabotaging U.S. utilities and manufacturers through exposed Industrial Control Systems.

A utility or manufacturer taken down by wiper malware could lead to blackouts or shuttered plants, and cause “widespread disruption that could take months to fully recover,” according to IBM.

Even if you don’t work for a utility or a manufacturing plant, it’s best to practice the strongest cybersecurity you can for now. Your team should be ultra-cautious about links, and you should strengthen password rules and safeguards.

If you’ve skipped employee security training, now is the time to review and enforce strong cybersecurity behavior.

This malware won’t give you a second chance to recover data. If it gets into your network, it will be a disaster for your organization.