🚨An attack on the Iranian Railways 🚨

  • 17 August 2021

The systems of Iranian Railways and the Ministry of Roads and Urban Development became the subject of targeted cyber attacks. The attacks rely heavily on the attacker's previous knowledge and reconnaissance of the targeted networks. The attacks on Iran were found to be tactically and technically similar to previous activity against multiple private companies in Syria, which has been carried out since at least 2019. Analysts were able to tie this activity to a threat group that identifies itself as a regime opposition group, named Indra. During these years, the attackers developed and deployed within victims' networks at least 3 different versions of the wiper, dubbed Meteor, Stardust, and Comet. Judging by the quality of the tools, their modus operandi, and their presence on social media, we find it unlikely that Indra is operated by a nation-state actor.
