Iranian state-sponsored hackers have deployed a new strain of data-wiping malware on the network of Bapco, Bahrain's national oil company, ZDNet has learned from multiple sources.
The incident took place on 29 December. The attack did not have the long-lasting effect hackers might have wanted; only a portion of Bapco's computer fleet was affected, with the company continuing to operate after the malware's detonation.
ZDNet has learned from several sources that the Bapco incident is the cyberattack described in a security alert published recently by Saudi Arabia's National Cybersecurity Authority. Saudi officials sent the alert to local companies active in the energy market to warn of impending attacks, urging them to secure their networks.
The Bapco security incident came to light amid rising political tensions between the US and Iran after the US military killed a top Iranian military general in a drone strike last week.
Although the Bapco incident doesn't appear to be connected to the current US-Iranian political tensions, it does show Iran's advanced technical capabilities when it comes to launching destructive cyberattacks, something about which the US Department of Homeland Security had warned in an alert published over the weekend.
The Dustman Malware
At the heart of the recent Bapco attack is a new strain of malware named Dustman. According to an analysis by Saudi Arabia's cybersecurity agency, Dustman is a so-called data wiper, malware designed to delete data on infected computers once it is executed.
Dustman is the third distinct data-wiping malware strain linked to the Tehran regime. Iranian state-backed hackers have a long history of developing data-wiping malware.