Iranian Railways and the Ministry of Roads and Urban Development systems became the subject of targeted cyber attacks. The attacks rely heavily on the attackers' previous knowledge and reconnaissance of the targeted networks. The attacks on Iran were found to be tactically and technically similar to previous activity against multiple private companies in Syria, which has been carried out since at least 2019. Analysts were able to tie this activity to a threat group that identifies itself as a regime opposition group, named Indra. During these years, the attackers developed and deployed within victims' networks at least 3 different versions of the wiper, dubbed Meteor, Stardust, and Comet. Judging by the quality of the tools, their modus operandi, and their presence on social media, we find it unlikely that Indra is operated by a nation-state actor.