Saudi and Qatari oil giants latest to suffer cyber attacks
05 September 2012
The recent cyber-attacks on Saudi Aramco and Qatar's RasGas were carried out using the Shamoon (aka Disttrack) trojan, according to Dow Jones. Both groups suffered serious network disruption in the attacks.
Some observers think Shamoon comes from middle eastern 'hacktivist' groups
According to Israeli security company Seculert, Shamoon first takes control of a system connected to the Internet before spreading to other PCs on an organisation's network.
The second stage -- which kicks off after the malware has done its dirty work -- overwrites files and the Master Boot Record (MBR) of the machine. The latter makes the PC unbootable.
Computerworld says the destructiveness of Shamoon makes it similar in some ways to the attack against Iranian computers earlier this year that also wiped hard drives.
Investigations into that malware by Kaspersky Labs of Russia led it to uncover Flame, the sophisticated cyber-spying tool that most have linked to Stuxnet, the worm discovered in 2010 that sabotaged Iran's nuclear programme.
Kaspersky is convinced that there is no connection between Shamoon and the data-wiping malware that hit Iran last April, citing several differences between the two.
"It is more likely that [Shamoon] is a copycat, the work of script kiddies inspired by the [earlier] story," said a Kaspersky researcher on the company's blog.
Some observers think Shamoon comes from middle eastern 'hacktivist' groups, who claim that Gulf states support oppression in the Arab world.
Contact Details and Archive...