Stuxnet, the malware that in 2009 blocked the centrifuges at the Natanz nuclear power plant, is back. It is attacking Iran's telecommunications (TLC) infrastructure, and Tehran accuses Israel and promises legal action.
A new generation of the Stuxnet virus is affecting the telecommunications (TLC) infrastructure in Iran. Tehran denounced the cyber attack, accused Israel of being behind it and threatened legal action. The accusation rests on 2009, when it was this malware, spread via a USB stick, that put the centrifuges of the Natanz atomic power plant out of action. That operation was attributed to the United States and Israel, but there has never been any official claim of responsibility. Now, about 10 years later, the same malicious code reappears in an updated version. It appears to have been identified by the Islamic Republic's cyber security experts, who reportedly managed to block it before it broke into the TLC networks. For the moment, however, the Middle Eastern country has provided no details on the method of infection or propagation, nor on the malware's characteristics.
This cyber warfare operation against Tehran, however, looks strange. Cyber security experts do not rule out a "false flag". If Israel had attacked, it would have done so with different malware.
The discovery of the new version of Stuxnet, if confirmed, allows two readings. The first is an intensification of the cyber warfare between the US and Israel on one side and Iran on the other; in this case, the virus was probably sent to test Tehran's cyber security. The second hypothesis, which more cyber security experts find convincing, is that this is a "deception" action: someone wants Israel blamed for the cyber attack. "False flag" operations are very common in the cyber domain. In practice, the attacker imitates a different adversary to deceive the victim and make identifying the real aggressor difficult, if not impossible. If Israel had indeed struck the Islamic Republic with malware, it would hardly have used one so well known, both because there is a real risk that the country has developed countermeasures against it over the years and because attribution would be all too easy.