New Disk Wiping Malware Targets Israel

Apostle seems to be a new strain of malware that destroys data.

In a post published Tuesday, SentinelOne researchers said they assessed with high confidence that based on the code and the servers Apostle reported to, the malware was being used by a newly discovered group with ties to the Iranian government. While a ransomware note the researchers recovered suggested that Apostle had been used against a critical facility in the United Arab Emirates, the primary target was Israel.

Posted on May 26, 2021 at 9:33 AM • 5 Comments

Comments

Hedo May 26, 2021 10:07 AM

That’s a bad one. I sold a similar one back in the 90s to a good friend of mine. We had a “mutual” enemy (from SK&NK) that kept attempting to breach our Windows machines, so I thought, well, enough is enough, and infested their machines with a fine, fine, fine one, that kept duplicating/replicating (copy/pasta) all files on their systems and renaming them to the file names with file naming conventions that were “too long to handle” for their machines until the disks were full and unreadable/corrupted. A miracle happened: ever since that event, they stopped scanning our network for open ports.

Steve Szmidt May 26, 2021 12:16 PM

The “good old days” 🙂

On what I think was a security related forum (Full Disclosure?) a discussion was going on and this kid was being very annoying. He kept saying things such as “Give me your IP and I will hack you!” After a while someone gave him the loop back address. The kid then typed, “Ha, I’m in!”, “You have three drives!”, “Formatting your E drive…”, “There goes your D drive!”, “And your C drive!”. Which was the last we ever heard of him.
Once the laughter died down things resumed to normal.

Higgs May 26, 2021 5:42 PM

In the linked post, the SentinelOne researchers do NOT say they “assessed with high confidence that based on the code and the servers Apostle reported to, the malware was being used by a newly discovered group with ties to the Iranian government”.

They say “Based on technical analysis of the tools and attack infrastructure, we assess with medium confidence that the attacks were carried out by a threat group affiliated with Iran”. There is no mention that I can find of the “Iranian government”.

Hard to understand how Ars got this so wrong.
