DHS Warns of Incoming Iranian Wiper Attacks


The Department of Homeland Security (DHS) is warning government agencies and US industries to stay alert for incoming wiper attacks from Iran.

Beware of Wiper Attacks

DHS Press Release

In a press release from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), Director Christopher C. Krebs warned the public of “a recent rise in malicious cyber activity directed at the United States”, indicating potential cyber attacks against government agencies and businesses from Iranian regime actors. Krebs addresses the potential use of “wiper attacks”, which are designed to completely eradicate an agency’s data and network systems with the intent of halting network operations. These attacks are dangerous because there is little chance of recovering the data and restoring information.

These wiper threats begin with common cyber attacks such as password spraying, spear-phishing, and credential stuffing. Once inside a network, the attackers can begin running data-wiping malware that destroys files and operational networks. The purpose of these attacks is to uncover which information is most important to the processes of these agencies and to terminate that data and access to it. This isn’t the first malware designed to wipe out data and cut off networks; a similar variant, Shamoon, has been spotted in years past.

Proven Data Locates IPs

In June 2019, members of our security analyst team identified incoming cyber threats from IR (Iran) IP addresses used in connection with incidents located here in the United States.

Proven Data Evidence of Logs with Iranian IP on US Incident

IP Address analysis via Ultratools Verification Process June 2019

Reducing Risk of Wiper Attacks

With a warning of approaching cyber attacks, U.S. government agencies and businesses must ensure they are doing more to protect their data and networks. CISA Director Krebs urges U.S. agencies to be proactive with “basic defenses, like using multi-factor authentication”. Enabling multi-factor authentication and improving password management can greatly reduce the risk of falling victim to these wiper attacks. We strongly suggest a major overhaul of the data backup section of the government agency security framework, and backing up consistently!

Tensions Rise

The recent attack on an unmanned U.S. drone by an Iranian missile sparked tension between Iranian militant forces and the United States military. As pressure builds for government leaders and officials to take action, Iran is developing a new pattern of cyber threats aimed at vulnerable US government agencies and industrial enterprises. We can all help by being alert and creating more awareness in our local and national communities.

The CISA press release concludes with instructions for reporting relevant information directly to the Department of Homeland Security (DHS):

“Anyone who has relevant information or suspects a compromise should immediately contact us at [email protected].”



[1] CISA Statement on Iranian Cybersecurity Threats, Department of Homeland Security (DHS), June 22, 2019, https://www.dhs.gov/cisa/news/2019/06/22/cisa-statement-iranian-cybersecurity-threats

[2] Mystery malware wreaks havoc on energy sector computers, Ars Technica, August 12, 2012, https://arstechnica.com/information-technology/2012/08/shamoon-malware-attack/

[3] Iran Shoot Down US Drone, CNN, June 20, 2019, https://www.cnn.com/politics/live-news/iran-us-drone-shot-down-latest-intl/index.html
