CanisterWorm Deployed in Wiper Attacks Targeting Iranian Infrastructure

A financially motivated data theft and extortion group has deployed a worm named CanisterWorm, which spreads via poorly secured cloud services and executes wiper attacks on infected systems. The malware targets systems configured with Iran’s time zone or Farsi as the default language, effectively focusing on Iranian infrastructure. The attack involves data wiping rather than encryption, distinguishing it from traditional ransomware operations. No specific technical indicators, CVE IDs, or exact dates were provided in the report. The campaign appears geared toward disruption and extortion, though the full scope of its impact remains unclear.