PowerShell Scripts Deployed for Wiper Malware Attacks, INCD Warns

The Israel National Cyber Directorate (INCD) has issued a warning regarding a recent cyberattack employing PowerShell scripts to execute wiper malware. This malicious activity targets endpoints and servers, aiming to erase data and render systems inoperable.

The INCD highlights the significant threat posed by unrestricted or unmonitored use of PowerShell within organizational networks. The advisory emphasizes the importance of understanding this threat and implementing protective measures. The INCD has provided a file of indicators of compromise (IOCs) for integration into relevant organizational security systems, urging diligent monitoring.

Organizations are strongly advised to evaluate and implement methods for restricting access to and monitoring PowerShell activity. The INCD recommends testing these security controls in a non-production environment before deploying them to live systems to ensure effectiveness and compatibility.


What This Means For You

  • Implement strict PowerShell execution policies and robust logging to detect and prevent unauthorized script execution and potential wiper malware deployment.
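A read-only check of the controls named above, added here as an example; it is not from the INCD advisory or the original page. It assumes Windows PowerShell 5.1 and the standard Group Policy registry locations for PowerShell logging, and the function and variable names are illustrative.

```powershell
# Added example: read-only audit of PowerShell restriction and logging controls.
# Assumes Windows PowerShell 5.1 and the standard Group Policy registry paths.
# It changes nothing; run it in a test environment before wider use.

function Get-PSPolicyValue {
    param([string]$SubKey, [string]$Name)
    $path = "HKLM:\SOFTWARE\Policies\Microsoft\Windows\PowerShell\$SubKey"
    # $null means the policy key or value is absent (not configured).
    (Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue).$Name
}

$logging = @(
    @{ Control = 'Script block logging (event 4104)'; SubKey = 'ScriptBlockLogging'; Name = 'EnableScriptBlockLogging' }
    @{ Control = 'Module logging (event 4103)'; SubKey = 'ModuleLogging'; Name = 'EnableModuleLogging' }
    @{ Control = 'Transcription'; SubKey = 'Transcription'; Name = 'EnableTranscripting' }
)

$report = @(foreach ($item in $logging) {
    $value = Get-PSPolicyValue -SubKey $item.SubKey -Name $item.Name
    [pscustomobject]@{
        Control = $item.Control
        Value   = if ($null -eq $value) { 'not configured' } else { $value }
        Pass    = ($value -eq 1)
    }
})

# Execution policy is a safety setting, not a security boundary, so it is
# reported alongside logging rather than treated as sufficient on its own.
$policy = Get-ExecutionPolicy
$report += [pscustomobject]@{
    Control = 'Effective execution policy'
    Value   = $policy
    Pass    = "$policy" -in 'Restricted', 'AllSigned', 'RemoteSigned'
}

# ConstrainedLanguage is normally enforced through application control
# (WDAC or AppLocker); FullLanguage means no such restriction applies here.
$mode = $ExecutionContext.SessionState.LanguageMode
$report += [pscustomobject]@{
    Control = 'Language mode'
    Value   = $mode
    Pass    = ("$mode" -eq 'ConstrainedLanguage')
}

$report | Format-Table -AutoSize
```

Script block and module logging events land in the Microsoft-Windows-PowerShell/Operational log, which is the source to forward to the SIEM once the checks pass.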

Related ATT&CK Techniques

๐Ÿ›ก๏ธ Detection Rules

1 rule ยท 6 SIEM formats

1 detection rule mapped to MITRE ATT&CK. Free Sigma YAML below.

high T1059.001 Execution

Suspicious PowerShell Execution

Sigma YAML โ€” free preview

Source: Shimi's Cyber World ยท License & reuse

Indicators of Compromise

ID              Type                Indicator
INCD Advisory   Malware Execution   PowerShell scripts
INCD Advisory   Data Destruction    wiper malware
INCD Advisory   System Disruption   endpoints and servers

Source & Attribution

Source Platform: INCD
Channel: Israel National Cyber Directorate
Published: April 07, 2026 at 15:00 UTC
Original Link: https://www.gov.il/he/pages/alert_1987

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.
