EN
  • Cyber stability
  • Secops
  • Risks management
  • Digital transformation
  • Digital Sovereignty
  • Cybercrime
  • Industry and OT
  • Fraud
  • Digital identity
  • Cyber +
    • An Iranian-linked malware targets SCADA systems on Linux

    An Iranian-linked malware targets SCADA systems on Linux

    Written by
    The Editorial Team
    01.07.25
    Cyber stability Cybercrime
    01
    MIN
    An Iranian-linked malware targets SCADA systems on Linux
    An Iranian-linked malware targets SCADA systems on Linux
    An Iranian-linked malware targets SCADA systems on Linux
    Image From the Sea to the Servers: Behind the Scenes of the Cyber-Maritime War in the Gulf.
    Cyber stability
    05.26.26 Cyber stability
    Next article
    From the Sea to the Servers: Behind the Scenes of the Cyber-Maritime War in the Gulf.
    Read
    05
    MIN
    Image Canada: more than 42,000 data breaches in the tax system since 2020
    Cyber stability
    05.11.26 Cyber stability
    Next article
    Canada: more than 42,000 data breaches in the tax system since 2020
    Read
    01
    MIN
    Image Iranian APT group MuddyWater used Chaos ransomware as cover
    Cyber stability
    05.11.26 Cyber stability
    Next article
    Iranian APT group MuddyWater used Chaos ransomware as cover
    Read
    01
    MIN
    Image Ukrainian hacktivist groups BO Team and Head Mare cooperate against Russian targets
    Cyber stability
    05.11.26 Cyber stability
    Next article
    Ukrainian hacktivist groups BO Team and Head Mare cooperate against Russian targets
    Read
    01
    MIN
    A report by Claroty details this new malware, designed to target OT and IoT environments in Israel and the United States.

    Claroty, the cybersecurity company specializing in OT, published a report in mid-December 2024 on a new malware attributed to Iran and targeting SCADA and IoT systems running on Linux. Named “IOCONTROL,” the malware is believed to primarily target Israel and the United States. Researchers highlight its ability to attack IP cameras, routers, PLCs, human-machine interfaces (HMI), firewalls, and other IoT/OT platforms based on Linux.

    “Although the malware appears to have been custom-designed by the threat actor, it seems generic enough to operate on a variety of platforms from different vendors due to its modular configuration,” the Claroty report states. The ultimate goal of its infection chain is to deploy a backdoor that automatically executes with every device reboot.

    Claroty analyzed a strain of IOCONTROL found in a Gasboy fuel management system compromised by the Iran-affiliated group, Cyber Av3ngers. In late November 2024, the Chinese company QiAnXin XLab had already identified the same malware in a similar Orpak information system.

    “This malware is primarily a cyberweapon employed by a nation-state to attack critical civilian infrastructures; the Orpak and Gasboy fuel management systems are its known victims,” Claroty summarized.

    The Editorial Team
    01.07.25
    Articles by the same author:
    1
    05.27.26 Cyber stability
    The ECB summons European banks to discuss AI-related risks
    Read
    01
    MIN
    2
    05.25.26 Cybercrime
    France and the Netherlands lead the dismantling of First VPN, a service popular among cybercriminals
    Read
    01
    MIN
    3
    05.25.26 Cybercrime
    Arrest of Canadian man suspected of running the KimWolf botnet
    Read
    01
    MIN
    4
    05.25.26 Digital transformation
    Canada: government ready to amend its law on law enforcement access to data
    Read
    01
    MIN
    Image From the Sea to the Servers: Behind the Scenes of the Cyber-Maritime War in the Gulf.
    Cyber stability
    05.26.26 Cyber stability
    Next article
    From the Sea to the Servers: Behind the Scenes of the Cyber-Maritime War in the Gulf.
    Read
    05
    MIN
    Image Canada: more than 42,000 data breaches in the tax system since 2020
    Cyber stability
    05.11.26 Cyber stability
    Next article
    Canada: more than 42,000 data breaches in the tax system since 2020
    Read
    01
    MIN
    Image Iranian APT group MuddyWater used Chaos ransomware as cover
    Cyber stability
    05.11.26 Cyber stability
    Next article
    Iranian APT group MuddyWater used Chaos ransomware as cover
    Read
    01
    MIN
    Image Ukrainian hacktivist groups BO Team and Head Mare cooperate against Russian targets
    Cyber stability
    05.11.26 Cyber stability
    Next article
    Ukrainian hacktivist groups BO Team and Head Mare cooperate against Russian targets
    Read
    01
    MIN
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.
    Stay tuned in real time
    Subscribe to
    the newsletter
    By providing your email address you agree to receive the Incyber newsletter and you have read our privacy policy. You can unsubscribe at any time by clicking on the unsubscribe link in all our emails.