"Latest Cyberattack Against Iran Part of Ongoing Campaign"

Iran's steel industry is being targeted by an ongoing cyberattack campaign that previously disrupted the country's rail system. Malware used in last week's crippling cyberattacks on Iranian steel plants is linked to an attack that shut down the country's rail system last year. In both cases, one malware strain was used to impact physical and critical infrastructure, according to a report from Check Point Research. The overlaps in the code, together with contextual clues and recycled jokes, suggest that the attacks on Iran's infrastructure are being carried out by the same threat actor, dubbed Indra. The perpetrators of both the steel and railway attacks left a notice instructing victims and passengers to call a specific phone number belonging to the office of Ayatollah Khamenei. Check Point claims that the malware used in both campaigns overlaps. An executable (chaplin.exe) discovered in last week's attack is a variant of Meteor, a wiper strain believed to have been used in last year's attack on Iran's railway system. According to the researchers, it is obvious that both variants share a codebase. Chaplin is a separate name for the malware. This article continues to discuss recent cyberattacks against Iran's steel manufacturing industry.

Threatpost reports "Latest Cyberattack Against Iran Part of Ongoing Campaign"
