
This Dangerous malware is spread across an Iranian broadcast


Last Updated on 21/02/2022 by Nidhi Khandelwal

An investigation into a cyberattack that targeted Iran's national media corporation, Islamic Republic of Iran Broadcasting (IRIB), in late January 2022 has revealed the deployment of wiper malware and other custom implants, as the country’s national infrastructure continues to face a wave of attacks aimed at inflicting serious damage.


In a report released last week, Tel Aviv-based cybersecurity firm Check Point stated, “This indicates that the attackers’ goal was also to disrupt the state’s broadcasting networks, with the damage to the TV and radio networks probably more substantial than officially disclosed.”

On January 27, a breach of state broadcaster IRIB allowed images of Mujahedin-e-Khalq Organization (MKO) leaders Maryam and Massoud Rajavi to be broadcast alongside a call for the killing of Supreme Leader Ayatollah Ali Khamenei.

Custom malware capable of snapping images of the victims’ screens, as well as backdoors, batch scripts, and configuration files required to install and configure the malicious executables, were also employed during the hack.


Behind the scenes, a batch script was used to disrupt the video feed by deleting the executable associated with TFI Arista Playout Server, broadcasting software used by IRIB, and playing the video file (“TSE 90E11.mp4”) in a loop.

The attack also allowed for the installation of a wiper whose primary goal is to corrupt the computer’s contents, as well as to erase the master boot record (MBR), clear Windows Event Logs, delete backups, kill processes, and change users’ passwords.
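For defenders, several of the wiper behaviours listed above leave traces that can be correlated per host. The following is an added example, not code from the article or from the Check Point report: the mapping of behaviours to Windows event IDs, the backup-deletion command patterns, and the host names and events are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed mapping of the listed behaviours to Windows telemetry (not from the report).
LOG_CLEARED = {1102, 104}   # 1102: Security audit log cleared; 104: an event log was cleared
PASSWORD_RESET = 4724       # attempt to reset an account's password
PROCESS_CREATED = 4688      # process creation (needs command-line auditing enabled)
BACKUP_CMDS = ("vssadmin delete shadows", "wbadmin delete")  # assumed patterns

def classify(event):
    """Return the behaviour label for one event dict, or None if irrelevant."""
    eid = event["id"]
    if eid in LOG_CLEARED:
        return "log_cleared"
    if eid == PASSWORD_RESET:
        return "password_reset"
    if eid == PROCESS_CREATED:
        cmd = event.get("cmd", "").lower()
        if any(pattern in cmd for pattern in BACKUP_CMDS):
            return "backup_deleted"
    return None

def detect(events, window=timedelta(minutes=10), min_behaviours=2):
    """Flag hosts with >= min_behaviours distinct behaviours inside one time window."""
    per_host = defaultdict(list)
    for ev in events:
        label = classify(ev)
        if label:
            per_host[ev["host"]].append((datetime.fromisoformat(ev["time"]), label))
    alerts = {}
    for host, hits in per_host.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:  # slide window forward
                start += 1
            seen = {label for _, label in hits[start:end + 1]}
            if len(seen) >= min_behaviours:
                alerts[host] = sorted(seen)  # behaviours in the first window over threshold
                break
    return alerts

SAMPLE = [  # constructed events, not real telemetry
    {"host": "HOST-A", "time": "2024-01-01T10:00:05", "id": 4688, "cmd": "vssadmin delete shadows /all /quiet"},
    {"host": "HOST-A", "time": "2024-01-01T10:01:10", "id": 4724},
    {"host": "HOST-A", "time": "2024-01-01T10:02:00", "id": 1102},
    {"host": "HOST-B", "time": "2024-01-01T09:00:00", "id": 4724},  # routine helpdesk reset
    {"host": "HOST-B", "time": "2024-01-01T15:30:00", "id": 1102},  # hours later, outside window
]
if __name__ == "__main__": print(detect(SAMPLE))
```

Because a wiper clears local event logs, this kind of correlation is only useful on events that have already been forwarded off the host to a central collector.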
