The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Cybersecurity News and Analysis: wiper malware

ZeroCleare: New Iranian Data Wiper Malware Targeting Energy Sector

ZeroCleare: New Iranian Data Wiper Malware Targeting Energy Sector

December 05, 2019Swati Khandelwal
Cybersecurity researchers have uncovered a new, previously undiscovered destructive data-wiping malware that is being used by state-sponsored hackers in the wild to target energy and industrial organizations in the Middle East. Dubbed ZeroCleare , the data wiper malware has been linked to not one but two Iranian state-sponsored hacking groups— APT34 , also known as ITG13 and Oilrig, and Hive0081 , also known as xHunt. A team of researchers at IBM who discovered the ZeroCleare malware says that the new wiper malware shares some high-level similarities with the infamous Shamoon, one of the most destructive malware families known for damaging 30,000 computers at Saudi Arabia's largest oil producer in 2012. Just like the Shamoon wiper malware , ZeroCleare also uses a legitimate hard disk driver called 'RawDisk by ElDos' to overwrite the master boot record (MBR) and disk partitions of targeted computers running the Windows operating system. Though EldoS driver is not s
PyeongChang 2018 Winter Olympics Opening Ceremony Disrupted by Malware Attack

PyeongChang 2018 Winter Olympics Opening Ceremony Disrupted by Malware Attack

February 12, 2018Swati Khandelwal
The Pyeongchang Winter Olympics taking place in South Korea was disrupted over the weekend following a malware attack before and during the opening ceremony on Friday. The cyber attack coincided with 12 hours of downtime on the official website for the Winter Games, the collapse of Wi-Fi in the Pyeongchang Olympic stadium and the failure of televisions and internet at the main press center, leaving attendees unable to print their tickets for events or get venue information. The Pyeongchang Winter Olympics organizing committee confirmed Sunday that a cyber attack hit its network helping run the event during the opening ceremony, which was fully restored on 8 am local time on Saturday—that's full 12 hours after the attack began. Multiple cybersecurity firms published reports on Monday, suggesting that the cause of the disruption was "destructive" wiper malware that had been spread throughout the Winter Games' official network using stolen credentials. Dubbed
Ukraine Police Warns of New NotPetya-Style Large Scale CyberAttack

Ukraine Police Warns of New NotPetya-Style Large Scale CyberAttack

October 14, 2017Swati Khandelwal
Remember NotPetya ? The Ransomware that shut down thousands of businesses, organisations and banks in Ukraine as well as different parts of Europe in June this year. Now, Ukrainian government authorities are once again warning its citizens to brace themselves for next wave of "large-scale" NotPetya-like cyber attack. According to a press release published Thursday by the Secret Service of Ukraine (SBU), the next major cyber attack could take place between October 13 and 17 when Ukraine celebrates Defender of Ukraine Day (in Ukrainian: День захисника України, Den' zakhysnyka Ukrayiny). Authorities warn the cyber attack can once again be conducted through a malicious software update against state government institutions and private companies. The attackers of the NotPetya ransomware also used the same tactic—compromising the update mechanism for Ukrainian financial software provider called MeDoc and swapping in a dodgy update including the NotPetya computer v
Turns Out New Petya is Not a Ransomware, It’s a Destructive Wiper Malware

Turns Out New Petya is Not a Ransomware, It's a Destructive Wiper Malware

June 28, 2017Swati Khandelwal
What if I say the Tuesday's devastating global malware outbreak was not due to any ransomware infection? Yes, the Petya ransomware attacks that began infecting computers in several countries, including Russia, Ukraine, France, India and the United States on Tuesday and demands $300 ransom was not designed with the intention of restoring the computers at all. According to a new analysis, the virus was designed to look like ransomware but was wiper malware that wipes computers outright, destroying all records from the targeted systems. Comae Technologies Founder Matt Suiche, who closely looked the operation of the malware, said after analyzing the virus, known as Petya, his team found that it was a " Wiper malware ," not ransomware. Security experts even believe the real attack has been disguised to divert world's attention from a state-sponsored attack on Ukraine to a malware outbreak. "We believe the ransomware was, in fact, a lure to control the
Exclusive Offers

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.