Thursday, September 1, 2016

Malware discovered in Iranian Oil Refineries
On 31 August 2016, Wapack Labs identified open source reporting from Iran that two of the country's oil refinery operations were recently infected with malicious software.  Iranian officials, who claim to have fixed the software problem, deny that the malware was responsible for a series of fires at several petrochemical plants in Iran.  With political instability prevalent in Iran and other Middle East countries, the detection of cyber-attacks and numerous fires could indicate further destabilization.  We are providing this information for your situational awareness.

Publication date: 31 August 2016

Handling requirements: Traffic light protocol (TLP) GREEN

Attribution/Threat Actors: Malware attack on Iranian oil industry

Actor Type: Tier III

Potential Targets: Iran

Past Reporting: DOC-2816, DOC-2713

The full attribution report has been published in its entirety in the Red Sky Alliance portal.  For more information please contact the lab directly at 844-4-WAPACK, 603-606-1246, or

About Wapack Labs

Wapack Labs, located in New Boston, NH, is a Cyber Threat Analysis and Intelligence organization supporting the Red Sky Alliance, the FS-ISAC and individual organizations by offering expert-level targeted intelligence analysis answering some of the hardest questions in Cyber.  Wapack Labs’ engineers, researchers and analysts use deep analysis techniques and visualization to design and deliver transformational cyber-security analysis tools that fuse open source and proprietary information.  The intelligence derived from these tools and techniques serves as the foundation of Wapack Labs’ information reporting to the cyber-security teams of its customers and industry partners located around the world.