Privacy Ninja

Hackers Behind Iranian Wiper Attacks Linked to Syrian Breaches

Destructive attacks that targeted Iran’s transport ministry and national train system were coordinated by a threat actor dubbed Indra, who previously deployed wiper malware on the networks of multiple Syrian organizations.

Last month, Iran’s railways and transport ministry were hit by a cyberattack that took down their websites and disrupted train service throughout the country.

“The attacks on Iran were found to be tactically and technically similar to previous activity against multiple private companies in Syria which was carried out at least since 2019,” Check Point Research analysts who made the connection said.

“We were able to tie this activity to a threat group that identifies itself as a regime opposition group, named Indra.”

The attackers deployed a previously unseen file wiper called Meteor on the targets’ systems. They also displayed messages on the railway’s information boards saying that trains were cancelled or delayed, directing passengers to contact the office of Supreme Leader Ali Khamenei for more information.

Hacktivist or cybercrime group targeting IRGC-affiliated entities

Wipers, which Check Point Research calls Nuke-it-From-Orbit-ware, are designed to destroy data or brick breached devices, usually as cover for other attacks taking place at the same time.

Indra has developed and deployed at least three variants of its wiper, dubbed Meteor, Stardust, and Comet, on victims’ networks since the group first surfaced in 2019.

The group’s modus operandi, the quality of its tools, and its willingness to claim attacks on social media make it unlikely that Indra is a nation-state-sponsored threat actor.

However, as SentinelOne security researcher Juan Andres Guerrero-Saade observed in a report analyzing the Iranian attack published two weeks ago, the threat actor was able to remain undetected during the reconnaissance phase of the attack despite showing a general lack of skill.

“There’s feature redundancy between different attack components that suggests an uncoordinated division of responsibilities across teams,” Guerrero-Saade said. “And files are dispensed in a clunky, verbose, and disorganized manner unbecoming of advanced attackers.”

Regardless of its skill level, Indra identifies itself as a group opposing the Iranian regime. Based on Iranian media reports from last year, it also has ties to cybercriminal or hacktivist groups that target entities affiliated with the Islamic Revolutionary Guard Corps (IRGC), a branch of the Iranian Armed Forces.

Iranian wiper attacks remain unclaimed

Indra has previously publicised successful attacks on multiple social media platforms, including Twitter, Facebook, Telegram, and YouTube.

Based on Indra’s social media activity since 2019, Check Point Research found that the group has claimed the following attacks:

  • September 2019: an attack against Alfadelex Trading, a currency exchange and money transfer services company located in Syria.
  • January 2020: an attack against Cham Wings Airlines, a Syrian-based private airline company.
  • February 2020 and April 2020: seizure of Afrada’s and Katerji Group’s network infrastructure. Both companies are situated in Syria as well.
  • November 2020: Indra threatened to attack the Syrian Banias Oil refinery, though it is not clear whether the threat was carried out.

However, the hacking group chose not to take responsibility for last month’s attacks against the Iranian Railways and the Ministry of Roads and Urban Development.

Even so, Check Point Research found multiple similarities, including the tools used, the tactics, techniques and procedures (TTPs), and the attacks’ highly targeted nature, that directly connect Indra to these incidents.
