wiper

Lotus Wiper Hits Venezuela: When Cyber War Targets the Grid

John Z Black Apr 23, 2026

Threat Intelligence #lotus-wiper #venezuela #energy #utility #destructive-malware #ics #wiper #geopolitical-cyber

Lotus Wiper has been quietly targeting Venezuelan energy and utility firms since late last year. This isn't about intelligence gathering; it's about disruption. When the goal is to stop the lights, the defensive playbook has to change.

Stryker Recovered from an Iranian Wiper Attack. It Took Three Weeks and 80,000 Devices.

John Z Black Apr 3, 2026

Threat Intelligence #iran #handala #wiper #healthcare #stryker #nation-state #critical-infrastructure #fbi

Iran's Handala group wiped 80,000 devices across Stryker's global network. Maryland EMS lost digital ECG transmission. The DOJ confirmed Iran's government runs Handala.

Iran Is Running Every Cyberattack at Once

John Z Black Mar 28, 2026

Threat Intelligence #iran #unit42 #apt #wiper #handala #stryker #nation-state #bearlyfy #geopolitics #cyber-warfare

Iran isn't running a cyber campaign right now. It's running all of them simultaneously, and Unit 42's latest brief documents exactly that.

CanisterWorm: TeamPCP Hides Its C2 on a Blockchain You Can't Take Down

John Z Black Mar 26, 2026

Threat Intelligence #teampcp #malware #blockchain #supply-chain #iran #wiper #kubernetes

TeamPCP's new wiper, CanisterWorm, uses an ICP blockchain canister as its C2 resolver -- no domain to seize, no server to kill. And it now runs on any system, not just Kubernetes.

CanisterWorm: How TeamPCP Hijacked Your Security Scanners and Built an Untakeable Botnet

John Z Black Mar 24, 2026

Threat Intelligence #supply-chain #teampcp #canisterworm #kubernetes #ci/cd #npm #trivy #kics #wiper

TeamPCP compromised Trivy and KICS CI/CD scanner tags, spread CanisterWorm to 47 npm packages, and deployed a Kubernetes wiper targeting Iranian timezones -- all controlled via blockchain C2 that can't be taken down.

Handala, Publicly Attributed: What the FBI Seizure Changes About Iran Cyber Signaling

John Z Black Mar 21, 2026

Threat Intelligence #iran #handala #mois #fbi #attribution #nation-state #wiper #threat-intelligence

The FBI seized Handala's sites and released a 40-page warrant formally linking the group to Iran's intelligence ministry. Attribution just moved from analyst opinion to federal court filing.

Iran Didn't Need Malware to Cripple Stryker. They Just Used Microsoft Intune.

John Z Black Mar 17, 2026

Threat Intelligence #iran #stryker #handala #intune #mdm #wiper #healthcare #nation-state #critical-infrastructure

The Handala group wiped tens of thousands of Stryker devices using the company's own MDM platform. No malware. No exploit. Just admin access and the willingness to press the button.

Hackers Used Stryker's Own IT Tool to Nuke Its Entire Device Fleet

John Z Black Mar 14, 2026

Threat Intelligence #handala #stryker #mdm #microsoft-intune #iran #wiper #healthcare #nation-state

An Iranian-linked group called Handala reportedly hijacked Microsoft Intune and wiped Stryker's devices at scale. The tool designed to secure their fleet became the weapon that destroyed it.