Shamoon 2 software nasty is back and more evil than before
At least 15 Saudi government offices and private companies have been hit by another wave of attacks from Shamoon 2 malware that leaves hard drives completely erased.
Shamoon 2 first surfaced in 2012, when it was used in a highly targeted attack against Saudi Aramco, the desert state’s oil company that pumps 10 per cent of the world’s crude.
A new and updated version, dubbed Shamoon 2 or Disttrack, cropped up last year and again earlier this month, but the new attacks on Monday are more widespread than before.
Aramco is still in the malware herder’s sights, with Sadara Chemical, a joint venture firm owned by the company and Dow Chemical, confirming that it had taken a hit from the malware.
It says the incident has now been contained and it is investigating.
State media also reports the Saudi Arabian labor ministry has been hit.
Sadara’s network disruption was a result of cyber attack experienced by multiple entities in KSA as announced by the regulatory authorities
— Sadara | صدارة (@Sadara) January 25, 2017
The motive for the attacks isn’t known, but the malware is thought to be the creation of Iranian state-sponsored hackers.
There is speculation that this latest Saudi infection might be retaliation for hacking against Iranian petrochemical facilities.
Between July and September, there was a series of incidents at Iranian facilities, including a days-long inferno in July at the Bou Ali Sina Petrochemical Complex in Iran that caused $67m in damage.
Brigadier General Gholam Reza Jalali, head of the Iranian cybersecurity division, said the damage was caused by hacking.
“The viruses had contaminated petrochemical complexes,” he told the state-run IRNA news agency. “Irregular commands by a virus may cause danger.”
If this latest attack on Saudi Arabia is retaliation, then it appears we could be seeing the first nation-to-nation cyberwar.
Iran is at the cutting edge of this technology – having been the victim of Stuxnet, the first virus designed specifically to destroy its nuclear processing equipment.
As we saw with Stuxnet, the malware did appear in non-Iranian systems.
If Shamoon 2 follows a similar path, a lot of computer users are going to face an unexpected disk wipe. ®