ZeroCleare

basic information

description

APT34 attacked middle-eastern oil companies with its new file-deleting malware ZeroCleare

sources attribution

Not available

sources politicalization

Not available

start

2019

end

01.06.2019

source incident detection disclosure

Incident disclosed by IT-security company

receiver

label:

Not available

category:

Critical infrastructure

Energy

country:

Middle East (region)

inclusion criteria

Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals

Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated

articles

New Destructive Wiper ZeroCleare Targets Energy Sector in the Middle East

added to database

15.08.2022

attributions

articles

Not available

attribution date

2020

attribution basis

IT-security community attributes attacker

attributing country

Not available

attributing actors

Not available

attribution type

Technical report (e.g., by IT-companies, Citizen Lab, EFF)

initiators

label:

ITG13

category:

Non-state actor, state-affiliation suggested

countries:

Iran, Islamic Republic of

label:

OilRig/APT34/Cobalt Gypsy/Helix Kitten/Crambus/G0049

category:

Non-state actor, state-affiliation suggested

countries:

Iran, Islamic Republic of

legal attribution references

Not available

technical categories

Incident/Operation Type

Disruption

Hijacking with Misuse

data theft

none

disruption

Short-term disruption (< 24h; incident scores 1 point in intensity)

hijacking

Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)

Physical Effects (temporal)

none

Physical Effects (spatial)

none

unweighted cyber intensity

Target / Effect Multiplier

Moderate - high political importance

weighted cyber intensity

Low / moderate intensity - 3

MITRE: Initial Access

Not available

MITRE: Impact

Not available

Common Vulnerability Scoring System: User Interaction

Not available

Zero Day

political categories

cyber conflict issue

International power

offline conflict issue

Unknown

offline conflict intensity

Unknown

casualties

No casualties as a direct result of the cyber incident

political response

Not available

legal categories

state responsibility indicator

Not available

il breach indicator

Not available

response indicator

Not available

Evidence for Sanctions Indicator

Not available

legal response

Not available

impact indicator

Not available