Saudi Apex Bank PCs Hit with Malware Linked to Iran

The central bank of Saudi Arabia was recently struck with Shamoon a most damaging disk-erasing malware which impacted the PC-networks of several government agencies during the last 2 weeks, thus posted ibtimes.co.uk online dated December 3, 2016.

While there was constant surveillance for identifying potential cyber threats against the apex bank, there was reportedly no breach of the systems at the bank, the bank stated.

The assaults that troubled no less than 8 government agencies employed one computer disabling malicious program called Shamoon which has been associated with Iran, said two persons aware about a still going probe into the hack. Shamoon was capable of inflicting destruction against entities from many critical sectors, in particular, transportation and finance.

SPA the national news agency of Saudi government reportedly informed that the assault seemingly emanated externally of the Gulf nation state while was among many still existing cyber assaults attacking government offices even as it quoted the National Cyber Security Center, according to Reuters the international news agency.

Several security companies, prominent among them, CrowdStrike, Symantec, Palo Alto Networks and FireEye too cautioned about last month's assaults. Referring to dual unidentified sources, Bloomberg reported that state-backed hackers executed the assaults, and added that as per digital clues, their source of origin was Iran.

Moreover, in addition to the General Authority of Civil Aviation that operates airports in Saudi Arabia, the hackers attacked the transportation ministry that oversees road network of the Kingdom.

Saudi Arabia's central bank like most central banks supervises the kingdom state's commercial banks, handles foreign exchange currencies, as well as operates the system of electronic payment.

Symantec explains that Shamoon spreads across the target network through many stages. Foremost of all, a 'dropper' activity proliferates onto multiple PCs, after which it pulls down a driver for enabling its evasion of Windows API followed with rewriting everything on the computer's hard disk. Eventually, Shamoon sends verification message to the hackers' remote server telling that it has successfully wiped the disk.

The probe within its initial phases could mean changed responsibilities. There is also possibility of increased entities being damaged as investigation goes on.

» SPAMfighter News - 12/9/2016