Tuesday , December 19 2017
Home / Cyber News / Saudi Arabia again hit with disk-wiping malware Shamoon 2
malware Shamoon 2

Saudi Arabia again hit with disk-wiping malware Shamoon 2

Saudi Arabia has issued a warning to local organizations that the Shamoon virus that had hit state-held oil giant Saudi Aramco in 2012 has resurfaced in a new variant, Reuters reports, quoting an alert by the telecoms authority it had seen.

The Shamoon 2, which completely wipes out computer disks, has reportedly targeted 15 government agencies and private organizations, according to Saudi state-run TV channel Al Ekhbariya TV, as quoted by Bloomberg.

According to Network World, the disk-wiping Shamoon malware, which was used in attacks that destroyed data on 35,000 computers at Saudi Aramco in 2012, is back; the Shamoon variant prompted Saudi Arabia to issue a warning on Monday.

An alert from the telecoms authority, seen by Reuters, warned all organizations to be on the lookout for the variant Shamoon 2. CrowdStrike VP Adam Meyers told Reuters, “The Shamoon hackers were likely working on behalf of the Iranian government in the 2012 campaign and the more-recent attacks. It’s likely they will continue.”

Saudi Arabia is warning that a computer virus that destroyed systems of its state-run oil company in 2012 has returned to the kingdom, with at least one major petrochemical company apparently affected by its spread.

Suspicion for the initial dispersal of the Shamoon virus in 2012 fell on Iran as it came after the Stuxnet cyberattack targeting Tehran’s contested nuclear enrichment program.

It wasn’t immediately clear who could be responsible for the new infection, though the relations between regional rivals remain tense.

A report Monday by Saudi state-run television included comments suggesting that 15 government agencies and private institutions had been hit by the Shamoon virus, including the Saudi Labor Ministry. The ministry said it was working with the Interior Ministry to contain the virus.

One of the latest victims is potentially Sadara, which is a joint venture between Michigan-based Dow Chemical and Saudi Arabian Oil. Sadara reportedly had to shut down its computer network on Monday and it remained down today. A company spokesman told the Associated Press that the downtime had not affected operations at the facility.

The company said something similar in a tweet:

Sadara tweets about Shamoon 2 attack on Jan 23

According to another Saudi TV report, Saudi Technical and Vocation Training Corp was also affected; yet a spokesman denied its network was damaged when confronted by AP.

Reuters added, “Other companies in Jubail, the hub of the Saudi petrochemicals industry, also experienced network disruptions, according to sources who were not authorized to publicly discuss the matter. Those companies sought to protect themselves from the virus by shutting down their networks, said the sources, who declined to identify specific firms.”

About Kamran Mohsin

Kamran Mohsin
I'm a software engineer by profession, a passionate and experienced web designer, developer and blogger. I use to work with programming languages on daily basis and works to get something new into my knowledge prior to what I had before. I write blogs about information security, WordPress, various ways to make money and more.

Check Also

Blue Whale

Reality Behind The “Blue Whale”, The Suicide Game

Reality Behind The “Blue Whale”, The Suicide Game. For the past few days there has …

Leave a Reply

Your email address will not be published. Required fields are marked *