‘CanisterWorm’ Springs Wiper Attack Targeting Iran
Summary
A financially motivated group known as CanisterWorm has launched a worm that targets systems in Iran. The worm spreads via unsecured cloud services and deletes data on infected machines that are configured with Iran's time zone or use Farsi as the default language.
IFF Assessment
FOE
This is bad news for defenders as it indicates a new wiper attack campaign with the potential to disrupt critical systems and cause data loss.
Defender Context
Defenders in Iran and organizations with operations or data in Iran should be vigilant for signs of this wiper attack. This incident highlights the ongoing risk of cloud service misconfigurations being exploited and the targeted nature of some cyber threats.