A new file wiping malware called Meteor was discovered used in the recent attacks against Iran’s railway system. Earlier this month, Iran’s transport ministry and national train system suffered a cyberattack, causing the agency’s websites to shut down and disrupting train service. The threat actors also displayed messages on the railway’s message boards stating that trains were delayed or canceled due to a cyber attack. The attack itself is dubbed ‘MeteorExpress,’ and utilizes a toolkit of batch files and executables to wipe a system, lock the device’s Master Boot Record (MBR) and install a screen locker.
Source: https://www.bleepingcomputer.com/news/security/new-destructive-meteor-wiper-malware-used-in-iranian-railway-attack/