Saudi Arabia Suffers New Attacks From Shamoon Malware

December 7, 2016

On December 3, 2016, it was reported that Saudi authorities had detected new attempts to disrupt government computers. The kingdom’s National Cyber Security Centre (NCSC) “detected destructive electronic strikes against several government agencies and vital establishments.” The agency had previously warned on November 19 of “organized threats aimed at disabling the services provided by some agencies,” and added that hackers from outside the kingdom were trying to insert malware to disrupt users’ data.

Symantec warned that the disc-wiping malware Shamoon “has made a surprise comeback and was used in a fresh wave of attacks against targets in Saudi Arabia.” The U.S.-based company added that Shamoon had been used in attacks on the kingdom’s energy sector in 2012 and “is largely unchanged from the variant used four years ago.”

Furthermore, “the attackers appear to have done a significant amount of preparatory work for the operation… The malware was configured with passwords that appear to have been stolen from the targeted organizations and were likely used to allow the threat to spread across a targeted organization’s network.” While Symantec declined to say which Saudi agencies were affected or who was responsible for the November 17 attack, “it is clear that the attackers want their targets to sit up and take notice.”

Source: alaraby.co.uk, December 3, 2016