A cyberattack reportedly disrupted operations at medical device giant Stryker.
The hacktivist group Handala claims it wiped internal systems and exfiltrated 50TB of data using destructive malware.
A red-team wiper emulating Sandworm (GRU Unit 74455) has been published - a 90-line Go binary demonstrating LotL execution across 121 MITRE ATT&CK techniques including T1490, T1561.001, and T1070.001.
Full report:
https://www.technadu.com/sandworm-gru-unit-74455-red-team-wiper-released-as-training-sample/614498/
Follow @technadu for more threat intel updates.
#Sandworm #GRU74455 #MITREATTACK #RedTeam #BlueTeam #Infosec #WiperMalware
Iranian cyberattacks are ramping up—and they’re hitting critical infrastructure, defense, and businesses. From AI-generated phishing and deepfake propaganda to wiper malware targeting ICS and backups, Iranian threat actors are evolving fast.
In this episode of Cyberside Chats, @sherridavidoff and @MDurrin break down the latest threats, real-world incidents, and what your organization can do to prepare.
🎥 Watch the video: https://youtu.be/vC29SaWdqG4
🎧 Listen to the podcast: https://www.chatcyberside.com/e/the-title-of-cschats_308hyzz/
#Cybersecurity #WiperMalware #AIphishing #MFA #PatchTuesday #CriticalInfrastructure #CybersideChats #CISO #cyberattacks #IT #Infosec #ITsecurity #ThreatIntel
Imagine trusted Go modules turning your Linux system into a ticking time bomb. Hackers are hiding wiper malware in code you might use every day—what's really lurking in your development environment?
https://thedefendopsdiaries.com/unveiling-the-threat-linux-wiper-malware-in-malicious-go-modules/
#linuxmalware
#gomodules
#cybersecurity
#supplychainattack
#wipermalware
Analysis of AcidRain Malware Variant "AcidPour" and Its Impact on Ukraine
Date: 19 March 2022
CVE: Not specified
Sources: https://www.hackread.com/acidrain-linux-malware-variant-acidpour-ukraine/
Issue Summary
AcidRain, a destructive wiper malware, has been identified as a potential threat linked to the cyberattack on Viasat's KA-SAT satellite broadband service. This malware targets modems and routers, specifically designed to erase their storage contents, rendering the devices inoperable. The attack on Viasat disrupted communications across Ukraine and Europe, marking a significant cyber incident amidst the ongoing conflict between Russia and Ukraine.
Technical Key findings
AcidRain works by recursively deleting files and then attempting to destroy data on various storage devices, such as flash memory and SD/MMC cards, by overwriting them with up to 0x40000 bytes of data or using specific IOCTLs for erasure. This approach suggests a brute-force method, possibly indicating the attackers' desire for the tool to remain generic and reusable across different firmware. SentinelOne researchers found developmental and code overlaps with the VPNFilter malware, hinting at a connection to known Russian APT groups.
Vulnerable products
The attack mainly targeted satellite modems connected to the KA-SAT network, affecting thousands of modems across Europe. However, the malware's generic design suggests that it could potentially impact a wide range of routers and IoT devices with similar storage systems.
Impact assessment
The primary impact is the rendering of targeted modems and routers unusable, causing significant disruptions in satellite communications. This not only affects individual users but also has broader implications for organizations relying on satellite networks for their operations, including remote access to infrastructure and communications across Europe.
Patches or workaround
Specific patches or workarounds for AcidRain were not detailed in the sources. However, the fundamental mitigation involves securing network devices against unauthorized access and ensuring firmware is up to date to reduce vulnerabilities that could be exploited by similar malware.
Tags
#AcidRain, #AcidPour, #Ukraine, #ViasatAttack, #VPNFilter, #WiperMalware, #CyberSecurity, #RouterSecurity, #ModemWiper
A new version of #SysJoker written in #Rust is being used against #Israel, currently attributed to #Hamas actors https://thehackernews.com/2023/11/hamas-linked-cyberattacks-using-rust.html
Wiper Malware Surges Ahead, Spiking 53% in 3 Months 👇
https://www.darkreading.com/attacks-breaches/wiper-malware-surges-ahead-spiking-53-in-3-months