Data Wiper Malware Attack on Bahrain’s National Oil Company Linked to Iran, Part of an Ongoing …

Evidence of the kind of persistent threats that Iran’s neighbours face…:

[…] Saudi security experts believe that Bapco was originally compromised through its VPN servers in the summer of 2019, as part of a wave of exploits of remote execution bugs found in high-end commercial servers from companies like Palo Alto Networks and Fortinet.

It is unclear as to which Iranian hacking team deployed Dustman, but the IBM X-Force Incident Response and Intelligence Services (IRIS) team believes that APT34 or Hive0081 are the most likely culprits. Hive0081 are the creators of ZeroCleare and are linked to a series of attacks in the Middle East in 2019, and APT34 dates back to 2014 and is notorious for targeting individuals with malware documents passed via fake business pages on LinkedIn.


Original article here