This website uses cookies primarily for visitor analytics. Certain pages will ask you to fill in contact details to receive additional information. On these pages you have the option of having the site log your details for future visits. Indicating you want the site to remember your details will place a cookie on your device. To view our full cookie policy, please click here. You can also view it at any time by going to our Contact Us page.

Saudi and Qatari oil giants latest to suffer cyber attacks

05 September 2012

The recent cyber-attacks on Saudi Aramco and Qatar's RasGas were carried out using the Shamoon (aka Disttrack) trojan, according to Dow Jones. Both groups suffered serious network disruption in the attacks.

According to Israeli security company Seculert, Shamoon first takes control of a system connected to the Internet before spreading to other PCs on an organisation's network.

The second stage -- which kicks off after the malware has done its dirty work -- overwrites files and the Master Boot Record (MBR) of the machine. The latter makes the PC unbootable.

Computerworld says the destructiveness of Shamoon makes it similar in some ways to the attack against Iranian computers earlier this year that also wiped hard drives.

Investigations into that malware by Kaspersky Labs of Russia led it to uncover Flame, the sophisticated cyber-spying tool that most have linked to Stuxnet, the worm discovered in 2010 that sabotaged Iran's nuclear programme.

Kaspersky is convinced that there is no connection between Shamoon and the data-wiping malware that hit Iran last April, citing several differences between the two.

"It is more likely that [Shamoon] is a copycat, the work of script kiddies inspired by the [earlier] story," said a Kaspersky researcher on the company's blog.

Some observers think Shamoon comes from middle eastern  'hacktivist' groups, who claim that Gulf states support oppression in the Arab world.


Contact Details and Archive...

Print this page | E-mail this page