Tag: shamoon

On November 17, 2016, Shamoon malware struck once more. As with the first Shamoon assault five years ago, the target was Saudi Arabia. But while earlier attacks focused on critical oil and gas infrastructure, last fall’s campaigns targeted Saudi government institutions, financial services, and other sectors. The objective was to gather information on individuals and ...
Read Blog
Naming the recent data-wiping attacks in Saudi Arabia as a continuation of the Shamoon campaign suggests that we are dealing with identical malware and procedures. However, there are fundamental differences between the campaigns of 2012 and 2016‒17, and these differences provide a fascinating insight into the development process of the attackers. When we look at ...
Read Blog
In November 2016, we published a blog that drew comparisons between samples that we had received to that of the 2012 ‘Shamoon’ campaign. Since November, there has been a considerable amount of research corroborating our initial assertions, which we have reviewed against our own continuing analysis. We found that the latest Shamoon campaigns are attacking ...
Read Blog
McAfee has linked a series of cyber-attacks in Saudi Arabia to a common malicious actor rather than to individual cyber gangs in the region. McAfee Strategic Intelligence researchers, working closely with McAfee’s Advanced Programs Group, have released evidence that a series of cyber-attacks targeting the Persian Gulf and, specifically, Saudia Arabia between 2012 and the ...
Read Blog
Our analysis this month has pointed to Shamoon emerging in the Middle East. We have recently seen a number of similarities that we had highlighted in our earlier blogs (on mcafee.com). The campaign continues to target organizations in the Middle East from a variety of verticals. Reports suggest that a further 15 disk-wiping Shamoon incidents ...
Read Blog
Last week we provided some initial analysis on recent attacks targeting organizations in the Middle East.  The attack has hallmarks of the Shamoon campaign of 2012. We now have additional data related to the components used within the new campaign, which has three distinct components: dropper, wiper, and wiper driver. The language of these three ...
Read Blog
We have recently received notifications and samples from impacted organizations in the Middle East that have hallmarks of the Shamoon campaign from 2012. The main component of these attacks was the usage of a wiper component that, once activated, destroyed the hard disks of infected machines. The initial infection vector for the recent attacks is ...
Read Blog