Information Security News mailing list archives

Shamoon, Saudi Aramco, And Targeted Destruction


From: InfoSec News <alerts () infosecnews org>
Date: Thu, 23 Aug 2012 04:17:08 -0500 (CDT)

http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/240006049/shamoon-saudi-aramco-and-targeted-destruction.html

By Kelly Jackson Higgins
Dark Reading
Aug 22, 2012

The mystery of the data-destroying targeted attack against a Middle East oil organization with the so-called Shamoon malware is still unfolding, as security experts discover more clues, and a self-professed group of hacktivists claims responsibility for downing machines at Saudi Aramco with the very same malware.

Multiple Pastebin posts on the attacks have emerged, including ones attributed to the so-called Arab Youth Group as well as the Cutting Sword Of Justice, each post basically claiming to have hit Saudi Aramco in protest. "Symantec, McAfee and Kaspersky wrote a detail analysis about the virus, good job," one Pastebin post said, also claiming to have "completely destroyed" 30,000 clients and servers at the oil company. A post signed by the Cutting Sword Of Justice said the attacks were against the "Al-Saud regime," and that the Aramco hack was "the first step" in operations against what it considers "tyranny and oppression."

Symantec last week revealed its findings on Shamoon, a targeted attack that's all about total annihilation of data, not theft like other targeted attacks. Symantec still won't name the actual victim of the attack, only that it's an energy-sector company in the Middle East. Meantime, Saudi Aramco last week announced that it had been hit by a virus that led to the shutdown of many of its internal systems. The company is Saudi Arabia's national oil company and is considered one of the largest in the world.

Researchers at Kaspersky Lab, meanwhile, have spotted a time correlation between the Aramco attack and the date and time found in the Shamoon malcode on Aug. 15. "We can confirm that #Shamoon kill-timer is the same (08:08 UTC) as announced in anons statement here," Aleks Gostev, chief security expert for Kaspersky Lab's Global Research and Analysis Team, said in a tweet this morning. Kaspersky provided more detail on Shamoon's inner workings in a blog post.

[...]
