Iranian Hackers Deploy IOCONTROL: New Cyber Weapon Threatens US and Israeli Infrastructure

Iranian Hackers Deploy IOCONTROL Malware to Target Critical Infrastructure

A sophisticated malware named IOCONTROL has emerged as a significant threat to critical infrastructure in Israel and the United States. Developed by the Iranian hacking group CyberAv3ngers, this nation-state cyberweapon specifically targets Internet of Things (IoT) devices and OT/SCADA systems.

Target Scope and Impact:
– Affected devices include routers, PLCs, HMIs, IP cameras, firewalls, and fuel management systems
– Major manufacturers targeted: D-Link, Hikvision, Baicells, Red Lion, Orpak, Phoenix Contact, Teltonika, and Unitronics
– Approximately 200 gas stations reportedly compromised in Israel and the U.S.

Technical Capabilities:
– Modular design allowing adaptation to various device types and architectures
– Persistence through boot-level script execution
– MQTT protocol communication through port 8883
– DNS over HTTPS (DoH) for C2 communication
– AES-256-CBC encryption for configuration
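
As an added illustration (not part of the original article), a small Python detection rule built on two of the indicators above: an OT/IoT device opening MQTT-over-TLS sessions (port 8883) to a broker that is not the site's own, and the same device contacting a public DoH resolver directly instead of the local DNS server. The OT subnet, the approved broker address, the flow-record format and the sample records are assumptions constructed for this example.

```python
import ipaddress
from collections import defaultdict

# Assumptions (not from the article): OT/IoT devices live in 10.20.0.0/16 and the
# site runs one sanctioned MQTT broker at 10.20.0.5. The DoH endpoints listed are
# well-known public resolvers; an embedded device normally has no reason to use them.
OT_SUBNET = ipaddress.ip_network("10.20.0.0/16")
APPROVED_MQTT_BROKERS = {"10.20.0.5"}
PUBLIC_DOH_RESOLVERS = {"dns.google", "cloudflare-dns.com", "dns.quad9.net"}

# Constructed sample flow records (key=value form); 203.0.113.44 is a documentation address.
SAMPLE_FLOWS = [
    "2024-07-01T10:00:01 src=10.20.1.17 dst=10.20.0.5 dport=8883 proto=tcp",
    "2024-07-01T10:00:03 src=10.20.1.17 dst=203.0.113.44 dport=8883 proto=tcp",
    "2024-07-01T10:00:04 src=10.20.1.17 dst=dns.google dport=443 proto=tcp",
    "2024-07-01T10:00:09 src=10.20.2.8 dst=10.20.0.5 dport=8883 proto=tcp",
    "2024-07-01T10:00:12 src=192.168.5.3 dst=dns.google dport=443 proto=tcp",
]

BOTH_SIGNALS = {"mqtt_tls_to_unapproved_broker", "doh_to_public_resolver"}

def parse_flow(line):
    """Return (src, dst, dport) from one record; the leading timestamp is skipped."""
    fields = dict(kv.split("=", 1) for kv in line.split()[1:])
    return fields["src"], fields["dst"], int(fields["dport"])

def is_ot_device(ip):
    try:
        return ipaddress.ip_address(ip) in OT_SUBNET
    except ValueError:  # hostnames never appear as OT sources here
        return False

def analyze(lines):
    """Map each OT source address to the list of (signal, destination) it triggered."""
    findings = defaultdict(list)
    for line in lines:
        src, dst, dport = parse_flow(line)
        if not is_ot_device(src):
            continue  # IT hosts using DoH are out of scope for this rule
        if dport == 8883 and dst not in APPROVED_MQTT_BROKERS:
            findings[src].append(("mqtt_tls_to_unapproved_broker", dst))
        if dport == 443 and dst in PUBLIC_DOH_RESOLVERS:
            findings[src].append(("doh_to_public_resolver", dst))
    return dict(findings)

def high_confidence(findings):
    """Devices showing both signals match the C2 pattern the article describes."""
    return sorted(src for src, evs in findings.items() if {s for s, _ in evs} == BOTH_SIGNALS)
```

In a real deployment the approved-broker set and OT subnet come from the asset inventory, and either signal on its own is worth a lower-severity alert.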

Key Functions:
1. System information reporting
2. Execution verification
3. Remote command execution
4. Self-deletion capability
5. Network port scanning

Security Implications:
– Zero detection rate across 66 VirusTotal antivirus engines
– Potential for significant disruption to critical infrastructure
– Ongoing campaign with new attacks emerging in mid-2024

The malware’s sophisticated design and targeting of critical infrastructure components make it a serious threat requiring immediate attention from security professionals and infrastructure operators.