Written by AJ Vicens
Feb 18, 2022 | CYBERSCOOP
The Jan. 27 hack of Iranian state broadcaster IRIB — which ran a message of support for opposition leaders and called for the assassination of Iran’s supreme leader — came with previously unidentified wiper malware, according to research that suggests the incident was more destructive than initially assumed.
Researchers with Check Point, a Tel Aviv-based cybersecurity company, published the findings Friday based on what they said were files and other forensic evidence connected to the hack. Iranian officials acknowledged the attack at the time, saying that “disruptions” also occurred on another television channel and two radio stations, and called the hack “complex.” The breach occurred the day before Iran began its multi-day celebration of the 1979 revolution.
“We could not find any evidence that these tools were used previously, or attribute them to a specific threat actor,” the researchers wrote.
The files found and analyzed by Check Point include the wiper; the software used to play the video; malware that takes screenshots of target screens; evidence of custom-made backdoors; and files for installing and configuring malicious executables. Check Point didn’t speculate on what else those tools might have been used