DHS CISA warns of Iranian hackers’ habit of deploying data-wiping malware


CISA also warns about the other techniques Iranian hackers favour: password spraying, credential stuffing and spear-phishing.

The Department of Homeland Security's cyber-security agency is warning of increased malicious cyber activity by Iranian hackers and urging US firms to take protective action against the techniques these groups use most: data-wiping malware, credential stuffing, password spraying and spear-phishing.

The alert was released in a tweet by Christopher Krebs, Director of the Cybersecurity and Infrastructure Security Agency (CISA).

According to a CBS News report, the CISA alert comes as Iranian hackers launched new waves of cyber-attacks on U.S. targets following the escalation of the conflict between the U.S. and Iran.

According to a Yahoo News article, the US reacted to these Iranian cyber attacks with a volley of its own.

The quiet cyber war between the two nations is expected to continue, and CISA's leadership is now warning US companies to take protective action against the techniques most often used by well-known Iranian threat actors:

Spear-phishing: the go-to method of Iranian hackers, and the one for which the U.S. Department of Justice has indicted several of them in the past.

Credential stuffing: using username and password pairs leaked from one service to log in to accounts on other, third-party services, which works wherever users have reused the same password.

Password spraying: an attack that takes a long list of usernames and tries each of them against a single common password (such as 123456 or qwerty), breaking into poorly protected accounts while staying below the per-account lockout threshold that a conventional brute-force attack would trigger.

Data wipers: malware that destroys data on systems the attackers have already compromised, causing outright damage and frustrating any subsequent forensic analysis.
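The three credential attacks defined above leave different fingerprints in authentication logs, and the following Python script shows how a detection engineer can tell them apart. It is an added example written for this page, not code from the article or from CISA; the log line format, the thresholds (a lockout of 5, at least 8 accounts or 8 sources) and the sample log are constructed assumptions. The discriminators follow from the definitions: a spray touches many accounts from one source but keeps each below the lockout threshold, a brute force hammers one account past it, and stuffing arrives from many sources with roughly one try per account and, because the pairs were leaked from a different site, hits usernames that do not exist locally or succeeds where a password was reused.

```python
"""Classify login activity into the credential attacks the article defines.

Added example for this page (not the article's or CISA's code). The log
format, thresholds and sample lines below are constructed assumptions.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<ISO-8601 UTC> src=<ip> user=<name> result=OK|FAIL|NOUSER"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) src=(?P<src>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>OK|FAIL|NOUSER)$"
)
EPOCH = datetime(1970, 1, 1)


def parse(lines):
    """Turn log lines into (timestamp, src, user, result) tuples; skip junk."""
    events = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m["src"], m["user"], m["result"]))
    return events


def bucket(events, size=timedelta(minutes=30)):
    """Group events into tumbling windows; sprays are slow, so the window matters."""
    buckets = defaultdict(list)
    secs = size.total_seconds()
    for ev in events:
        offset = (ev[0] - EPOCH).total_seconds() % secs
        buckets[ev[0] - timedelta(seconds=offset)].append(ev)
    return buckets


def classify(events, lockout=5, min_users=8, min_sources=8):
    """Return (pattern, detail) findings for one window.

    Heuristics (assumed; tune to your lockout policy and user base):
    - brute_force: one source hits one account at least `lockout` times.
    - password_spray: one source touches >= min_users accounts but keeps each
      below `lockout`, i.e. it is deliberately dodging the lockout policy.
    - credential_stuffing: >= min_sources light sources, >= min_users accounts,
      at most two tries per account, plus unknown usernames or successes.
    """
    findings = []
    per_src = defaultdict(lambda: defaultdict(int))  # src -> user -> attempts
    per_user = defaultdict(int)
    unknown = successes = 0
    for _, src, user, result in events:
        per_src[src][user] += 1
        per_user[user] += 1
        unknown += result == "NOUSER"
        successes += result == "OK"

    for src, users in per_src.items():
        for user, n in users.items():
            if n >= lockout:
                findings.append(("brute_force", {"src": src, "user": user, "attempts": n}))
        if len(users) >= min_users and max(users.values()) < lockout:
            findings.append(("password_spray", {"src": src, "users": len(users),
                                                "attempts": sum(users.values())}))

    light_sources = sum(1 for users in per_src.values() if sum(users.values()) <= 2)
    if (light_sources >= min_sources and len(per_user) >= min_users
            and max(per_user.values(), default=0) <= 2 and (unknown or successes)):
        findings.append(("credential_stuffing", {"sources": len(per_src), "users": len(per_user),
                                                 "unknown_users": unknown, "successes": successes}))
    return findings


def sample_log():
    """Constructed sample: a spray at 10:00, a brute force at 11:00, stuffing at 12:00."""
    users = ["alice", "bob", "carol", "dave", "erin", "frank", "grace", "heidi", "ivan", "judy"]
    lines = []
    for i, u in enumerate(users):                       # one source, two guesses per account
        for k in range(2):
            lines.append(f"2019-06-22T10:{i:02d}:{k * 30:02d}Z src=203.0.113.5 user={u} result=FAIL")
    for k in range(6):                                  # one source hammering one account
        lines.append(f"2019-06-22T11:05:{k:02d}Z src=198.51.100.7 user=alice result=FAIL")
    for i in range(10):                                 # ten sources, one leaked pair each
        user = f"shopper{i}@example.net" if i < 3 else users[i]
        result = "NOUSER" if i < 3 else ("OK" if i == 9 else "FAIL")
        lines.append(f"2019-06-22T12:00:{i:02d}Z src=192.0.2.{10 + i} user={user} result={result}")
    return lines


def run(lines=None):
    """Parse, window and classify; returns {window_start: findings} for non-empty windows."""
    report = {}
    for start, evs in sorted(bucket(parse(sample_log() if lines is None else lines)).items()):
        findings = classify(evs)
        if findings:
            report[start] = findings
    return report
```

Calling `run()` with no arguments classifies the constructed sample and reports one finding per window: a password spray from 203.0.113.5 against ten accounts, a brute force against alice, and a distributed stuffing run in which three of the ten leaked usernames do not exist locally and one login succeeds. Feed `run()` your own lines in the assumed format to try it on real data; the successful login in the stuffing window is the one a responder should chase first, since the statement below notes that an account compromise is where a wiper intrusion often starts.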

Iranian hackers have used data-wiping malware before. In 2012 they deployed the Shamoon (Disttrack) malware against Saudi Arabia's Saudi Aramco and Qatar's RasGas, both national oil and gas companies.

The malware wiped the companies' hard drives, forcing both to suspend operations temporarily and causing enormous economic losses. Shamoon was later reported to have wiped the hard drives of over 35,000 Saudi Aramco PCs.

The malware resurfaced in 2016 and 2018; the most recent incident hit the network of an Italian oil and gas company active in the Middle East.

With the US now in direct confrontation with Iran, US officials fear that similarly destructive attacks could quickly be turned against US businesses.

Krebs' full statement is reproduced below:

WASHINGTON – In response to reports of an increase in cybersecurity threats, the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA) Director Christopher C. Krebs issued the following statement:

“CISA is aware of a recent rise in malicious cyber activity directed at United States industries and government agencies by Iranian regime actors and proxies. We will continue to work with our intelligence community and cybersecurity partners to monitor Iranian cyber activity, share information, and take steps to keep America and our allies safe.

“Iranian regime actors and proxies are increasingly using destructive ‘wiper’ attacks, looking to do much more than just steal data and money. These efforts are often enabled through common tactics like spear phishing, password spraying, and credential stuffing. What might start as an account compromise, where you think you might just lose data, can quickly become a situation where you’ve lost your whole network.

“In times like these it’s important to make sure you’ve shored up your basic defenses, like using multi-factor authentication, and if you suspect an incident – take it seriously and act quickly. You can find other tips and best practices for staying safe online here.

“Anyone who has relevant information or suspects a compromise should immediately contact us at NCCICCUSTOMERSERVICE@hq.dhs.gov.”

Mark Funk
Mark Funk is an experienced information security specialist who works with enterprises to mature and improve their enterprise security programs. Previously, he worked as a security news reporter.