Dustman is a destructive malware variant, specifically a wiper, first identified in late December 2019. It was discovered following incidents involving similar wipers such as ZEROCLEARE. Historically, malware of this type and its raw disk drivers were unsigned, meaning the malware could not directly access the raw disk for rapid data wiping. The PDB file of the Dustman wiper, however, indicated that this particular version of the destructive code was a release build, suggesting it was ready for deployment within a target network.
Dustman activity was heavily concentrated in Saudi Arabia. The Bapco incident, which involved Bahrain's National Oil Company, took place around the same time as the Dustman event. There was speculation that EKANS, another malware family first identified on December 26, 2019, might have been used at Bapco before the Dustman incident. However, any connection between EKANS, the Bapco incident, and the Dustman wiper appears circumstantial based on the available evidence.
While some argue for Iranian involvement, citing overlaps with previously reported Dustman wiper activity and alleged technical similarities between EKANS and known Iran-linked operations, no definitive links have been established. If both the Dustman and EKANS incidents did occur at Bapco, they would represent a coincidence rather than a coordinated attack directed by a single authority. Despite the provocative email address associated with EKANS, it appears unrelated to the Dustman event.
Description last updated: 2024-05-04T17:54:46.844Z