A report by Claroty details this new malware, designed to target OT and IoT environments in Israel and the United States.

Claroty, the cybersecurity company specializing in OT, published a report in mid-December 2024 on new malware attributed to Iran that targets Linux-based SCADA and IoT systems. Named “IOCONTROL,” the malware is believed to primarily target Israel and the United States. Researchers highlight its ability to attack IP cameras, routers, PLCs, human-machine interfaces (HMI), firewalls, and other IoT/OT platforms based on Linux.

“Although the malware appears to have been custom-designed by the threat actor, it seems generic enough to operate on a variety of platforms from different vendors due to its modular configuration,” the Claroty report states. The ultimate goal of its infection chain is to deploy a backdoor that automatically executes with every device reboot.

Claroty analyzed a strain of IOCONTROL found in a Gasboy fuel management system compromised by the Iran-affiliated group Cyber Av3ngers. In late November 2024, the Chinese company QiAnXin XLab had already identified the same malware in a similar Orpak information system.

“This malware is primarily a cyberweapon employed by a nation-state to attack critical civilian infrastructures; the Orpak and Gasboy fuel management systems are its known victims,” Claroty summarized.
