Thursday , May 21 2020
Home / Cyber News / Saudi Arabia again hit with disk-wiping malware Shamoon 2
malware Shamoon 2

Saudi Arabia again hit with disk-wiping malware Shamoon 2

Saudi Arabia has issued a warning to local organizations that the Shamoon virus that had hit state-held oil giant Saudi Aramco in 2012 has resurfaced in a new variant, Reuters reports, quoting an alert by the telecoms authority it had seen.

The Shamoon 2, which completely wipes out computer disks, has reportedly targeted 15 government agencies and private organizations, according to Saudi state-run TV channel Al Ekhbariya TV, as quoted by Bloomberg.

According to Network World, the disk-wiping Shamoon malware, which was used in attacks that destroyed data on 35,000 computers at Saudi Aramco in 2012, is back; the Shamoon variant prompted Saudi Arabia to issue a warning on Monday.

An alert from the telecoms authority, seen by Reuters, warned all organizations to be on the lookout for the variant Shamoon 2. CrowdStrike VP Adam Meyers told Reuters, “The Shamoon hackers were likely working on behalf of the Iranian government in the 2012 campaign and the more-recent attacks. It’s likely they will continue.”

Saudi Arabia is warning that a computer virus that destroyed systems of its state-run oil company in 2012 has returned to the kingdom, with at least one major petrochemical company apparently affected by its spread.

Suspicion for the initial dispersal of the Shamoon virus in 2012 fell on Iran as it came after the Stuxnet cyberattack targeting Tehran’s contested nuclear enrichment program.

It wasn’t immediately clear who could be responsible for the new infection, though the relations between regional rivals remain tense.

A report Monday by Saudi state-run television included comments suggesting that 15 government agencies and private institutions had been hit by the Shamoon virus, including the Saudi Labor Ministry. The ministry said it was working with the Interior Ministry to contain the virus.

One of the latest victims is potentially Sadara, which is a joint venture between Michigan-based Dow Chemical and Saudi Arabian Oil. Sadara reportedly had to shut down its computer network on Monday and it remained down today. A company spokesman told the Associated Press that the downtime had not affected operations at the facility.

The company said something similar in a tweet:

Sadara tweets about Shamoon 2 attack on Jan 23

According to another Saudi TV report, Saudi Technical and Vocation Training Corp was also affected; yet a spokesman denied its network was damaged when confronted by AP.

Reuters added, “Other companies in Jubail, the hub of the Saudi petrochemicals industry, also experienced network disruptions, according to sources who were not authorized to publicly discuss the matter. Those companies sought to protect themselves from the virus by shutting down their networks, said the sources, who declined to identify specific firms.”

About Kamran Mohsin

Kamran Mohsin
Kamran Mohsin is a Certified Ethical Hacker. Currently working as a Penetration Tester within a private company in Pakistan. He is also doing Masters in information Security. He worked in web development (front-back-end) from recent back years. With the passage of time he took interest in Hacking and started to write blogs on IS from late 2015.

Check Also

iran hit by massive cyber attack

Iran hit by massive cyber attack that left U.S. flag on screens

Iran’s IT Minister Mohammad Javad Azari-Jahromi posted a picture of a computer screen on Twitter …

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: