US Security firms have revealed that the version of destructive computer virus Shamoon was being empoyed in mid-November to attack computers in Saudi Arabia and other regions.
Four years ago the same virus attack had caused damage to tens of thousands of computers at Middle Eastern energy companies, Reuters reported today.
CrowdStrike, Palo Alto Networks Inc and Symantec Corp. warned of the new attacks on Wednesday but they did not name any victims of the new version of Shamoon, which disable computers by wiping their master boot records that they use for start up. However, the firms did not disclose the extent of damage caused nor identified the hackers.
FireEye said in a blogpost that its Mandiant unit "has responded to multiple incidents at other organizations in the region." A spokesman refused to identify the countries or organisations.
The reappearance of Shamoon is significant as there have only been a handful of other high-profile attacks involving disk-wiping malware, including ones in 2014 on Sheldon Adelson’s Las Vegas Sands Corp. and Sony Corp's Hollywood studio.
Governments and businesses pay close attention to such cases because it can be time-consuming and expensive to restore infected systems.
Now the recent hackers (Shamoon 2) also left a calling card. It was a disturbing image of the body of three year-old Syrian refugee Alan Kurdi, who drowned in the Mediterranean last year, Researchers said.
The FireEye spokesman said the malware contains embedded credentials, which suggests the attackers may have previously conducted intrusions to gather the necessary logins and passwords before later embedding them into the malware for the destructive attack.
In 2012, the Shamoon hackers had dropped images of a burning US flag on machines at Saudi Aramco and RasGas Co Ltd. The attacks were likely conducted by hackers working on behalf of the Iranian government, said CrowdStrike Chief Technology Office Dmitri Alperovitch. However, it is too early to say whether the same group was behind Shamoon 2, he said.
However, the motive of recent attacks was unclear. "Why Shamoon has suddenly returned again after four years is unknown," the Symantec Security Response team said on its blog.
"However, with its highly destructive payload, it is clear that the attackers want their targets to sit up and take notice." the team added. The malware triggered the disk-wiping to begin at 8:45pm local time on Thursday, November 17, according to the security firms.
The Saudi business week gets over on Thursday, hence it appears to have been timed to begin after staff left to decrease the chances of discovery and allow maximum damage.
"The malware had potentially the entire weekend to spread," Palo Alto researcher Robert Falcone said in a blog post.
Saudi Arabia has shot down 11 Scud missiles fired by Al Houthi rebels from across the Yemen border after fighting intensified since the collapse of a US-backed ceasefire last week. Saudi Arabia has deployed Patriot missile batteries to counter tactical ballistic missiles that have been fired sporadically from Yemen during the course of the war, Gulfnews reported Friday
Lockheed Martin has been awarded a foreign military sales contract worth $48 million to upgrade the M1A2S Advanced Gunnery Training System for Saudi Arabia. “Lockheed Martin Corp
Saudi Arabia is likely to order five corvettes from Spanish Navantia in a deal worth over €3 billion and is expected to be signed during Spanish King Philip VIs visit to Saudi scheduled later this week. Having postponed a number of official journeys overseas due to the fact that there was only an interim government in place, King Felipe VI is now due to travel to Saudi Arabia
Saudi Arabias King Abdulaziz City for Science and Technology (KACST) announced the success of a project to convert a manned aircraft into a drone. This was disclosed by KACST President Prince Turki Bin Saud
Germany's Protestant and Catholic churches on Monday have called for a revision of laws for arms export governing the approval of deliveries to other countries, pointing mainly at the Gulf states. Martin Dutzmann, chairman of an ecumenical joint committee on development policy was quoted as saying by Deutsche Welle German Radio that there had been "an exorbitantly high number of approvals for arms exports" in 2015 and the first half of 2016
Lockheed To Supply AEGIS Weapons Systems For US’ New Guided Missile Frigates
Northrop Grumman To Support US Navy’s MQ-4C Triton UAS
Raytheon, UK MoD Sign MoU on Small Military Satellites
General Atomics Predator A Drone Completes 25 Years Of Service
Elbit Systems Pitches For Lockheed Martin F-21 Jet Project in India
Design of Russian-made 'World's Fastest Helicopter' Ready
India To Give The Final Go-ahead To $1.7 Billion C-295 Transport Aircraft
China offers Two-seat Fighter Trainer FC-1B for International Sales
US companies sanctioned by China for supplying weapons to Taiwan may be denied rare earth elements (REEs), which have critical...
While the US F-35 stealth aircraft has become one the fastest selling fighter jets in the world aircraft market, thanks...
Russian state-run Almaz-Antey has released additional data on its latest export-version of Buk-M3 Viking air defense missile system (ADMS)
The MiG-29, one of Russias most exported military jet has been upgraded in India that expands its capabilities from an...
Russian fifth generation fighter aircraft (FGFA) Su-57 will for the first time perform flights during the ARMY 2018 event near...
The American-made Patriot and Russian S-400 Triumf air defense systems are currently hogging international orders despite their price tags running...