The recent attack was part of a large wave of cyber-attacks on Iran's critical infrastructure, which included a July 2021 attack on the country's railway and cargo services, as well as an October attack on the country's gas station network, both claimed by the hacker group 'Predatory Sparrow.' A hacktivist group leaked security camera footage from the Evin prison in August 2021, revealing prisoner abuse. The public first saw footage from the Ghezel Hesar prison on February 7, 2022.

The attackers sought to disrupt the broadcast networks by spreading data-wiping malware, according to a recent analysis from security vendor Check Point. The attackers used a .NET-based executable to play a 'malicious' video clip in a loop, then used a batch script to kill all processes associated with, and delete the executable of, TFI Arista Playout Server, the software that IRIB uses for broadcasting, according to Check Point. A different video stream and an audio stream were both hijacked using similar methods.

To completely wipe the hard disk and MBR (master boot record), two identical .NET samples were used in the attack. The malware can completely destroy files, delete backups, stop processes, clear Windows Event Logs, and change user passwords, among other things.

Check Point identified three backdoors used in the attack: one for taking screenshots (with a variant that can also run commands) and two others for downloading and uploading data, running cmd commands, proxying connections, and manipulating local files. Check Point was able to link the malicious tools to the same cluster of activity based on multiple artifacts found in the analyzed samples.
“The use of wiper malware in an attack on an Iranian government entity compels us to compare the tools to those used by Indra, which was responsible for unleashing a wiper in the Iranian Railways and Ministry of Roads systems.” Despite the fact that these wipers are coded and function in quite different ways, “certain implementation features […] indicate that the perpetrators behind the IRIB hack may have been inspired by past attacks in Iran,” according to Check Point's recent report.

Another possibility is that the attackers had inside help, because they were able to “pull off a complicated operation to evade security mechanisms and network segmentation” despite using low-quality and basic tools.

While the exact extent of the damage done by the attack is uncertain, MEK-affiliated publications reported recently that the attack may have destroyed more than 600 servers as well as broadcasting, production, and archival equipment.