Microsoft Warns of Russian Wiper Malware Targeting Israel, Iran

Microsoft’s Threat Intelligence division has identified a Russian-attributed wiper malware designed to erase data on infected Linux systems. According to Cyber News - Erez Dasa, the malware checks where the compromised host is located and runs its destructive payload only if that host appears to be in Israel or Iran, wiping the system clean.

The threat, detailed by Microsoft, underscores a targeted, geographically aware attack. While the specific motivations behind the geo-fencing remain speculative, the destructive payload points to a clear intent to disrupt operations within the specified regions. This isn’t about data exfiltration; it’s about pure, unadulterated sabotage.

Defenders must act fast. Cyber News - Erez Dasa highlighted key mitigation steps: immediately isolate any affected Linux hosts, block the malicious IP address 83[.]142[.]209[.]194, hunt for artifacts like /tmp/transformers.pyz, pgmonitor[.]py, and pgsql-monitor.service, and rotate any credentials that might have been exposed on compromised systems.

What This Means For You

  • If your organization operates Linux infrastructure in Israel or Iran, assume you are a potential target. Immediately audit your Linux systems for the presence of the specified files (`/tmp/transformers.pyz`, `pgmonitor[.]py`, `pgsql-monitor.service`), block the IOC 83[.]142[.]209[.]194 at your perimeter, and review all Linux host logs for suspicious activity. Prioritize credential rotation for any potentially exposed accounts.
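The audit described above, written out as an added example (not tooling from Microsoft or the cited report): a POSIX shell hunt for the named files, the systemd unit and the IOC on a Linux host. The advisory gives no path for pgmonitor.py or the unit file, so searching the tree by name and the systemd directories is an assumption, as is using `ss` for live connections.

```shell
#!/bin/sh
# Host-side hunt for the artifacts and IOC named in this advisory.
# Added example for this write-up, not tooling from Microsoft or Cyber News.
# ROOT (first argument) is a path prefix: empty scans the live host, or pass
# the mount point of a forensic image to check an offline copy.

WIPER_IP="83.142.209.194"   # defanged in the advisory as 83[.]142[.]209[.]194

# Prints one "kind: path" line per finding. Returns 0 if anything matched,
# 1 if nothing did (prints nothing in that case).
hunt_wiper_artifacts() {
    root="${1:-}"
    report=$(mktemp)

    # transformers.pyz is the one artifact the advisory gives a full path for.
    if [ -e "$root/tmp/transformers.pyz" ]; then
        echo "file: $root/tmp/transformers.pyz" >>"$report"
    fi

    # pgmonitor.py and the systemd unit have no stated path (assumption: search
    # by name), staying on one filesystem and ignoring permission errors.
    find "$root/" -xdev \( -name pgmonitor.py -o -name pgsql-monitor.service \) \
        -print 2>/dev/null | sed 's/^/file: /' >>"$report"

    # A renamed unit still has to reference the dropper or the script.
    grep -rls -e transformers.pyz -e pgmonitor.py \
        "$root/etc/systemd" "$root/usr/lib/systemd" 2>/dev/null \
        | sed 's/^/unit: /' >>"$report"

    # Past contact with the IOC in logs; live connections only on the real host.
    grep -rlsF "$WIPER_IP" "$root/var/log" 2>/dev/null | sed 's/^/log: /' >>"$report"
    if [ -z "$root" ] && command -v ss >/dev/null 2>&1; then
        ss -Hntu 2>/dev/null | grep -F "$WIPER_IP" | sed 's/^/conn: /' >>"$report"
    fi

    cat "$report"
    if [ -s "$report" ]; then
        rm -f "$report"; return 0
    fi
    rm -f "$report"; return 1
}

# Usage (uncomment one): live host, or a mounted image.
# hunt_wiper_artifacts
# hunt_wiper_artifacts /mnt/image
```

A non-zero exit means the host looks clean; a zero exit with findings is the cue to isolate the host and rotate its credentials, per the advisory.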