Bahrain’s National Oil Company Hit by Iranian “DustMan” Data Wiper

The Bahrain National Oil Company was attacked by Iranian state-sponsored hackers implanting a destructive data wiper nicknamed "DustMan." 

Following the lethal US drone strike that resulted in the death of Maj. Gen. Qassim Suleimani, the Iranian Government said they would retaliate and it now appears they may have shown their cyber hand .  

On Jan 4, 2020, The US Department of Homeland Security issued a National Terrorism Advisory Bulletin citing the need for raised cyber awareness as it is one of the go to weapons that could be used in the Iranian arsenal.

DHS noted that while there is currently “no information indicating a specific, credible threat to the Homeland,” Iran does have the ability to attack the U.S. in cyberspace. 

“Previous homeland-based plots have included, among other things, scouting and planning against infrastructure targets and cyber enabled attacks against a range of U.S.- based targets,” according to DHS.

Most cyber security experts speculated that a retaliatory attack might include the use of destructive wiper malware as Iran has used destructive data wipers as far back as 2012.  So we've been warned and US companies and their affiliates all over the world should take heed and stay on heightened alert.   

According to ZDNET “Iranian state-sponsored hackers have deployed a new strain of data-wiping malware on the network of Bapco, Bahrain's national oil company, ZDNet has learned from multiple sources.

The incident took place on December 29. The attack did not have the long-lasting effect hackers might have wanted, as only a portion of Bapco's computer fleet was impacted, with the company continuing to operate after the malware's detonation.

ZDNet has learned from several sources that the Bapco incident is the cyber-attack described in a security alert published last week by Saudi Arabia's National Cybersecurity Authority. Saudi officials sent the alert to local companies active on the energy market, in an attempt to warn of impending attacks, and urging companies to secure their networks.”

ZDNET also reported : “Iranian Destructive Wipers have been linked in the past to Iran's foray into data-wiping malware going back to 2012 when they developed Shamoon (also known as Disttrack), a piece of malware that was responsible for wiping more than 32,000 PCs at the Saudi Aramco oil company in Saudi Arabia, in one of the world's most infamous cyber-attacks. Two more Shamoon versions were discovered in the following years, Shamoon v2 (used in 2016 and 2017) and Shamoon v3 (used in 2018 and 2019).

On December 4th, 2019,  Bleeping Computer reported that the IBM X-Force Incident Response and Intelligence Services (IRIS) research team who discovered ZeroCleare says that it was likely developed by two Iran-backed threat actors, namely APT34 (aka Oilrig, ITG13) and another Iranian threat group tracked by IBM X-Force IRIS as Hive0081 (aka xHunt).

Recorded Future observed that Iranian responses would likely be be measured Asymmetric Retaliatory Attacks designed to to avoid full confrontation with the US; however that gives the green light to Iranian State and State Sponsored actors to pursue a much more persistent and possibly destructive threat to the cyberworld.

Read the story on ZDNET

Comments are closed.