
Data-Erasing Shamoon Malicious Program Hacks Government Agencies in Saudi Arabia

Thousands of PCs at Saudi Arabia's civil aviation office and at other organizations in the country suffered total data loss when the Shamoon malicious program struck, reappearing some four years after its major attack on thousands of computers at Saudi Aramco.

Reportedly, Shamoon is deleting data and causing immense chaos as it hits vital computer banks all over Saudi Arabia. Security researchers have described this freshly found hacking scheme as a meticulously organized operation, possibly the work of a technically gifted and well-resourced opponent, Cyberscoop.com reported on December 1, 2016.

As in 2012, the hackers pre-configured the malware with credentials for accessing the PCs shared across the organizations' networks, so that it could spread quickly and then erase as much data as possible. When Shamoon attacked in 2012, it wiped the MBR (master boot record) of infected PCs and put in its place an image of an American flag in flames. In the recent assaults, it instead displayed a picture of the body of Alan Kurdi, the three-year-old Syrian refugee who drowned in the Mediterranean in 2015, wrote Symantec's security response team.

The United States' assertion that Shamoon originated from Iran has not been technically confirmed, because the hackers, as is the norm, dropped false hints to mislead researchers. It is also not known why Shamoon was suddenly revived after four years. Nevertheless, the malware's extremely destructive payload makes it clear that its operators want their targets to take notice and be on alert. The Saudi authorities are currently conducting a thorough investigation.

No security firm has publicly named the government agencies or organizations targeted by Shamoon in the recent assault. Bloomberg was told that the General Authority of Civil Aviation in Saudi Arabia had its "critical data" hacked, which derailed operations over many days.

The recent Shamoon assaults included code for exchanging messages with a C&C server; however, the hackers seemingly deactivated it by pointing it to a non-existent server. It is quite clear that they did not aim to exfiltrate information with the malware, although information was quite possibly stolen before the malware's activation, and the disk wiper might have been left behind at the end.

» SPAMfighter News - 12/7/2016
