IRIB Wiper Malware Attack

IRIB, the Islamic Republic of Iran Broadcasting, was hit by a destructive wiper malware attack in the final days of last January. A cyber attack on Iran's national media group is a threat to the country's national security, since it can ultimately cause serious damage to databases holding citizens' data and sensitive organizational information.

The attack was intended to disrupt the state's broadcasting networks and to cause serious damage to its TV and radio channels, according to a report published last week by the Tel Aviv-based cyber security firm Check Point.

The disruption itself lasted only about 10 seconds, on 27 January 2022, but it compromised the state broadcaster IRIB's official data networks and led to a breach of its data.

Dangerous Wiper Malware File

The short breach mainly consisted of two elements:

  • Pictures of Mujahedin-e-Khalq Organization (MKO) leaders Maryam and Massoud Rajavi were broadcast without IRIB's consent.
  • A call for the killing of Supreme Leader Ayatollah Ali Khamenei was also aired.

IRIB Data Loss Prevention

Check Point also made clear that it does not have enough evidence to formally attribute the attack to a particular threat actor, and how the attackers gained access to the targeted networks remains unknown. The artifacts recovered so far include files responsible for the following:

  • Establishing backdoors and maintaining their persistence,
  • Launching the malicious video and audio files, and
  • Installing the wiper malware to interrupt operations in the compromised networks.

The attack also interfered with the video stream: a batch script was used to remove the files associated with "TFI Arista Playout Server", broadcasting software used by IRIB, and to play the video file ("TSE_90E11.mp4") in a loop.

The same intrusion also paved the way for installing the wiper malware, whose main purpose was to corrupt the files stored on the computers, in addition to deleting the master boot record (MBR), clearing Windows Event Logs, removing backups, killing processes, and changing users' credentials such as IDs and passwords.
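As an added illustration (not code from Check Point or from the article), the following Python script shows how a defender might look for the destructive behaviours listed above, namely clearing event logs, removing backups, killing the playout process and changing account credentials, in process-creation logs, and raise a single alert when several of them occur on one host within a short window rather than alerting on each command alone. The log format, host names, process name and command lines are constructed assumptions for the example, not indicators from the report; the MBR overwrite is deliberately not covered, since it happens through raw disk writes rather than a command line and needs disk-level telemetry.

```python
"""Correlate wiper-style destructive commands in process-creation logs.

Added example, not code from Check Point or the article. It assumes a
simplified, constructed log format (one event per line):
    <ISO timestamp> host=<name> user=<name> cmd=<command line>
such as an EDR or Sysmon Event ID 1 export might be flattened to.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) cmd=(?P<cmd>.*)$"
)

# Each rule maps one behaviour described in the article to a command-line
# pattern. The patterns reflect common Windows tooling for that behaviour and
# are assumptions for this example, not indicators from the report.
# Raw MBR overwrites never show up as a command line; they need disk-level
# telemetry (for example Sysmon raw-access events), so no rule covers them.
RULES = {
    "event_log_clear": re.compile(r"\bwevtutil(?:\.exe)?\s+(?:cl|clear-log)\b", re.I),
    "backup_removal": re.compile(
        r"\bvssadmin(?:\.exe)?\s+delete\s+shadows\b"
        r"|\bwbadmin(?:\.exe)?\s+delete\s+catalog\b"
        r"|\bwmic(?:\.exe)?\s+shadowcopy\s+delete\b",
        re.I,
    ),
    "process_kill": re.compile(r"\btaskkill(?:\.exe)?\s.*?\s/(?:im|pid)\s+\S+", re.I),
    "account_tamper": re.compile(r"\bnet1?(?:\.exe)?\s+user\s+\S+\s+\S+", re.I),
}

# Constructed sample log lines. "PlayoutServer.exe" is a placeholder process
# name, not the real playout binary.
SAMPLE_LOGS = [
    "2022-01-27T20:00:01 host=playout01 user=SYSTEM cmd=cmd.exe /c taskkill /f /im PlayoutServer.exe",
    "2022-01-27T20:00:02 host=playout01 user=SYSTEM cmd=wevtutil.exe cl System",
    "2022-01-27T20:00:02 host=playout01 user=SYSTEM cmd=wevtutil.exe cl Security",
    "2022-01-27T20:00:03 host=playout01 user=SYSTEM cmd=vssadmin.exe delete shadows /all /quiet",
    "2022-01-27T20:00:05 host=playout01 user=SYSTEM cmd=net user operator Wip3d!Pass",
    # Benign-looking single events on other hosts: one category each, hours apart.
    "2022-01-27T08:15:00 host=hr-ws07 user=jdoe cmd=net user jdoe /domain",
    "2022-01-27T09:30:00 host=admin01 user=itadmin cmd=wevtutil.exe cl Application",
    "2022-01-27T14:30:00 host=admin01 user=itadmin cmd=vssadmin.exe delete shadows /for=C: /oldest",
]


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m.group("ts")),
        "host": m.group("host"),
        "user": m.group("user"),
        "cmd": m.group("cmd"),
    }


def classify(cmd):
    """Return the list of destructive categories a command line matches."""
    return [name for name, rx in RULES.items() if rx.search(cmd)]


def find_wiper_clusters(lines, window=timedelta(minutes=5), min_categories=2):
    """Return {host: sorted categories} for every host on which at least
    `min_categories` distinct destructive categories fire within `window`.

    Requiring several categories close together is what separates a wiper
    from routine administration (an admin clearing one log, or pruning old
    shadow copies, trips one rule but not the cluster).
    """
    per_host = defaultdict(list)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        for cat in classify(ev["cmd"]):
            per_host[ev["host"]].append((ev["ts"], cat))

    hits = {}
    for host, events in per_host.items():
        events.sort()
        for i, (t0, _) in enumerate(events):
            cats = {c for t, c in events[i:] if t - t0 <= window}
            if len(cats) >= min_categories:
                hits[host] = sorted(cats)
                break
    return hits


if __name__ == "__main__":
    for host, cats in find_wiper_clusters(SAMPLE_LOGS).items():
        print(f"ALERT {host}: destructive cluster {', '.join(cats)}")
```

Against the constructed sample, only `playout01` produces an alert, with all four categories inside a few seconds; `admin01` trips two rules but five hours apart and stays quiet at the default window, which is the point of correlating by host and time rather than alerting on each command.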

In addition, the attacker used four main backdoors during the intrusion:

  • WinScreeny,
  • HttpCallbackService,
  • HttpService, and
  • ServerLaunch, a dropper started by HttpService.

Together, the malware's different components allowed the attackers to take screenshots, receive commands from the remote command-and-control server, and execute the malicious procedures described above.

How Did They Tackle The Dangerous Wiper Malware?

Since the threat actors did not possess the right tools to carry out the attack fully, they were able to produce only a short 10-second disruption with the software and techniques they had.  But it could have been much worse.  The state broadcaster IRIB should have known that there were vulnerabilities and loopholes in its network, which should have been detected in time, given the reputation it has to maintain internationally.
