Blog | G5 Cyber Security

Iran Targets Mideast Oil with ZeroCleare Wiper Malware

IBM’s X-Force Incident Response and Intelligence Services (IRIS) says at least 1,400 hosts were affected by ‘ZeroCleare’. ZeroCleare is likely the work of Iran-based nation-state adversaries, according to IRIS. The attack most likely started in autumn of 2018, when the adversaries ran reconnaissance scans from various low-cost/free VPN providers and gained access to one of the accounts that was later involved in the attack, IRIS said. At the same time, the adversaries brute-forced passwords to gain access to several network accounts, which were used to install web shells.

Source: https://threatpost.com/iran-mideast-oil-zerocleare-wiper-malware/150814/
