
CanisterWorm Resurfaces, Targeting Iranian Government and Industry

KrebsOnSecurity has confirmed that the destructive CanisterWorm wiper has reappeared, this time focusing on Iranian governmental agencies and critical industrial firms. The attack chain begins with a phishing email containing a malicious attachment that leverages macro execution to drop a downloader. Once executed, the downloader installs a multi‑stage payload that ultimately overwrites the boot sector and corrupts file systems, rendering the compromised machines unusable.

The impact is immediate loss of availability: infected systems become inoperable, forcing organizations to rebuild from backups or replace hardware. Because the wiper disables core infrastructure, recovery times can extend for days or weeks, disrupting essential services and potentially causing financial and reputational damage. Defenders must prioritize detection of macro‑based phishing attachments, enforce strict macro policies, and ensure robust, air‑gapped backup strategies to mitigate the risk of similar wiper campaigns.

Categories: Malware & Ransomware, Threat Intelligence
