CrowdStrike says it has revamped several testing, validation, and update rollout processes to prevent a repeat of the embarrassing July outage that caused widespread disruption on Windows systems around the world.
Reconstructing the Attack from a 4th party collector’s point of view
Hamid Kashfi
[Update: December 18th, 2023]: On 18th December, Predator Sparrows launched a second
attack against the fuel distribution system in Iran, similar to their previous operation in 2021.
Since 2021, Iranian officials or third-party security vendors have not published any analysis or
technical details about the original attack, which is not unusual. Their screenshots from the
latest attacks provide some clues that only confirm our previous work, indicating connections to
the “Yaas Arghavani” company, a VSAT and POS service provider for the fuel distribution
system. The following is an old draft from December 2021, which I wrote for peer eyes rather
than public view. The original draft focused on the first attack against the fuel distribution
system. Still, some remarks remain valid and relevant to the recent attack on 18 Dec 2023, as
little has changed regarding how the system works. The same infrastructure, same suppliers,
and same 3rd party vendors, so we are likely just talking about a different attack vector and
entry point from the previous case. I will probably draft a new note about the recent attack from
scratch soon and when more details are gathered rather than updating the old speculative work.
I’m a Swiss voter living abroad, and like all Swiss expats from Basel-Stadt, St.Gallen or Thurgau, I’ve been invited to vote over the internet in this year’s national election. Switzerland’s e-voting system is supposed to have safeguards to protect the election against malicious actors, however as a computer scientist, I have found a flaw in the practical implementation of one of those safeguards.