[ISN] Shamoon, Saudi Aramco, And Targeted Destruction

From: InfoSec News <alerts_at_private>
Date: Thu, 23 Aug 2012 04:17:08 -0500 (CDT)
http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/240006049/shamoon-saudi-aramco-and-targeted-destruction.html

By Kelly Jackson Higgins
Dark Reading
Aug 22, 2012

The mystery of the data-destroying targeted attack against a Middle East 
oil organization with the so-called Shamoon malware is still unfolding, 
as security experts discover more clues, and a self-professed group of 
hacktivists claims responsibility for downing machines at Saudi Aramco 
with the very same malware.

Multiple Pastebin posts on the attacks have emerged, including ones 
attributed to the so-called Arab Youth Group as well as the Cutting 
Sword Of Justice, each post basically claiming to have hit Saudi Aramco 
in protest. "Symantec, McAfee and Kaspersky wrote a detail analysis 
about the virus, good job," one Pastebin post said, also claiming to 
have "completely destroyed" 30,000 clients and servers at the oil 
company. A post signed by the Cutting Sword Of Justice said the attacks 
were against the "Al-Saud regime," and that the Aramco hack was "the 
first step" in operations against what it considers "tyranny and 
oppression."

Symantec last week revealed its findings on Shamoon, a targeted attack 
that's all about total annihilation of data, not theft like other 
targeted attacks. Symantec still won't name the actual victim of the 
attack, only that it's an energy-sector company in the Middle East. 
Meantime, Saudi Aramco last week announced that it had been hit by a 
virus that led to the shutdown of many of its internal systems. The 
company is Saudi Arabia's national oil company and is considered one of 
the largest in the world.

Researchers at Kaspersky Lab, meanwhile, have spotted a time correlation 
between the Aramco attack and the date and time found in the Shamoon 
malcode on Aug. 15. "We can confirm that #Shamoon kill-timer is the same 
(08:08 UTC) as announced in anons statement here," Aleks Gostev, chief 
security expert for Kaspersky Lab's Global Research and Analysis Team, 
said in a tweet this morning. Kaspersky provided more detail on 
Shamoon's inner workings in a blog post.

[...]
Received on Thu Aug 23 2012 - 02:17:08 PDT