FBI Warns US Businesses of Possible Wiper Malware Attacks

The FBI sent security professionals at US businesses a five-page confidential flash warning, alerting them to destructive malware attacks that overwrite hard drives, leaving them inoperable.

The FBI issued a five-page flash warning yesterday urging American enterprises to be on the lookout for wiper malware.

The alert, a Reuters report said, described some details about the malware but kept the victim anonymous.

It’s general practice for the FBI not to name victims in such alerts. The timing of the warning, however, is curious since it follows on the heels of the Sony Pictures breach in which a number of unreleased movies were leaked online and other systems were damaged and kept offline.

Reuters said the flash alert's description of the malware stated that the code overwrites data on hard drives, making them inoperable.

Flash alerts are confidential and sent to businesses thought to be in harm’s way.

Wiper malware has been used in a number of high-profile attacks, the most infamous being the Shamoon attack against Saudi oil company Aramco in August 2012. Shamoon left tens of thousands of workstations inoperable at the oil facility, but did not hamper oil production. The malware overwrites the Master Boot Record on a hard drive after it probes and steals data from the machine.

Researchers at Kaspersky Lab followed bread crumbs left by some wiper malware used in attacks against businesses in Iran that eventually led them to the Flame malware. Flame is espionage malware, discovered in 2012 by researchers at CrySyS Lab and Kaspersky Lab, in use against targets primarily in the Middle East.

In early 2013, wiper malware was used in attacks against businesses and media outlets in South Korea, including major banks and the country’s top television network. As in other similar attacks, the master boot record was overwritten, leaving behind a bricked computer.

News of the attack against Sony’s systems broke early last week before the Thanksgiving holiday. Systems were down and unusable, and screens popped up claiming that Sony had been “Hacked By #GOP,” a hacker group named Guardians of Peace. The notice, alongside a red skull, went on to warn the company that it had “obtained all your internal data including your secrets and top secrets” and that it would release it unless the company obeyed the group.

Since then, the hackers have been leaking data online, including a number of unreleased movies. Law enforcement is investigating, and yesterday, reports surfaced that North Korea could be behind the attacks because of Sony’s upcoming film, “The Interview.”

The plot of the film, scheduled to be released on Dec. 25, revolves around a fictional attempt by the CIA to assassinate North Korea’s leader Kim Jong Un. When details regarding “The Interview” were first announced, back in June, a spokesman for the North Korean Foreign Ministry condemned the film, calling it a “blatant act of terrorism and war.”

“If the U.S. administration allows and defends the showing of the film, a merciless counter-measure will be taken,” the statement, via the republic’s Korean Central News Agency, read.


Discussion

  • WC on

    Sure N Korea is going to go to war over this movie. Well if it does, we can finally remove the wart from the face of the earth.
  • Anonymous on

    The master boot record was overwritten, leaving behind a bricked computer? Bricked OS, maybe. But definitely not a bricked computer.
