November 13, 2023 at 12:12AM
Cybersecurity researchers have identified a new version of a wiper malware called BiBi-Windows Wiper, which targets Windows systems. This variant is an expansion of the previous BiBi-Linux wiper used in cyber attacks against Israel during the recent Israel-Hamas war. The malware overwrites data in the C:\Users directory with junk data and prevents file recovery by deleting shadow copies. The exact distribution method and real-world deployment are currently unknown. The wiper has similarities to another geopolitical actor known as Moses Staff, suspected to be of Iranian origin.
Key Takeaways from Meeting Notes:
1. There is a Windows version of a wiper malware called BiBi-Windows Wiper that was previously seen targeting Linux systems.
2. The original BiBi-Linux Wiper was used by a pro-Hamas hacktivist group during the Israel-Hamas war.
3. The Windows variant suggests that the creators of the wiper are expanding their attacks to target end user machines and application servers.
4. The Windows variant overwrites data in the C:\Users directory with junk data and appends .BiBi to the filename.
5. The wiper was compiled on October 21, 2023, two weeks after the onset of the war, but the exact distribution method is unknown.
6. The wiper corrupts all files except those with .exe, .dll, and .sys extensions, and deletes shadow copies to prevent file recovery.
7. The wiper has multithreading capability, running 12 threads with eight processor cores for faster destruction.
8. It is unclear if the wiper has been deployed in real-world attacks and who the targets are.
9. Security Joes, a cybersecurity firm, believes the wiper is part of a larger campaign targeting Israeli companies and disrupting their operations through data destruction.
10. There are tactical overlaps between the pro-Hamas hacktivist group and another actor codenamed Moses Staff, suspected to be of Iranian origin.
11. While the campaign focused on the Israeli IT and government sectors, some participating groups have a history of targeting organizations across different sectors and locations.
Please note that these takeaways are based on the information provided in the meeting notes.