CanisterWorm Wiper Strikes Iranian Networks, Erasing Critical Data
A new destructive malware family dubbed CanisterWorm has been observed wiping data across Iranian government and private‑sector systems. The wiper employs a file‑corruption routine that overwrites critical files and disables recovery mechanisms, leading to permanent data loss and immediate service outages. Early reports from Krebs on Security confirm that the campaign is active and appears to be targeting a broad range of Iranian infrastructure.
Defenders worldwide should take note because the techniques used by CanisterWorm—specifically its low‑level disk‑tampering and rapid file‑shredding—are novel enough to evade many traditional antivirus signatures. The malware’s code shares components with previously seen wipers, suggesting a possible evolution of known threat actors. Organizations should verify backup integrity, monitor for unusual file‑modification patterns, and update detection rules with the emerging IOCs to prevent collateral infection or spill‑over attacks.