Researchers with cybersecurity company SentinelOne reconstructed the recent cyberattack on Iran’s train system in a new report, uncovering a new threat actor — which they named ‘MeteorExpresss’ — and a never-before-seen wiper.
On July 9, local news outlets began reporting on a cyberattack targeting the Iranian train system, with hackers defacing display screens in train stations by asking passengers to call ‘64411’, the phone number of Iranian Supreme Leader Khamenei’s office.
Train services were disrupted and just one day later, hackers took down the website of Iran’s transport ministry. According to Reuters, the ministry’s portal and sub-portal sites went down after the attack targeted computers at the Ministry of Roads and Urban Development.
Read more…
Source: ZDNet