Shamoon Hits Saudi Aviation Unit

Friday, December 2, 2016 @ 03:12 PM gHale

An attack utilizing the Shamoon virus hit Saudi Arabia’s aviation agency in November officials said.

The attack, which experts say emanated from outside the country, used a version of Shamoon, malware used to target the Saudi energy sector four years ago.

RELATED STORIES
SF Metro Victim of Ransomware
Securing Against Disguised Data
IoT Attack Scare: Is Industry Ready?
Network Visibility with New Platform

Shamoon was a virus that attacked Saudi Aramco, RasGas and SAFCO four years ago in the Middle East. Aramco alone lost over 35,000 hard drives on the business enterprise because of the attack.

Shamoon started off as a spearphishing email and when it got internal through a PC, it swept through as many computers as it could and began wiping them August 15, 2012. Aramco and its affiliates immediately disconnected from the world and each other.

The Saudi government confirmed the latest breaches on Thursday, after several cybersecurity firms noted them, according to a report in The New York Times.

Bloomberg News reported thousands of computers were damaged at the headquarters of the General Authority of Civil Aviation starting in mid-November, “erasing critical data and bringing operations there to a halt for several days,” although operations at Saudi airports did not appear to be affected.

The state-run Saudi Press Agency, citing a government statement, reported Thursday the national cybersecurity department had detected what officials called a systemic attack on crucial government agencies, including in the transportation sector. The attacks aimed at halting operations, stealing data and planting viruses, the news agency reported.

Saudi Press reported officials had alerted the government to the attacks last month and had sent vulnerable agencies tips on defending their computers.

The statement acknowledged that the attacks were staged from outside Saudi Arabia, but it did not specify the targets nor say when the breaches began.

Bloomberg, citing anonymous sources, reported state-sponsored hackers were believed to be responsible for the breaches and suggested they might have emanated from Iran.

Iran and Saudi Arabia have been in cyberwar for more than four years. In April 2012, Iranian engineers working at the Kharg oil terminal, a speck in the Persian Gulf from which a large portion of Iran’s oil is exported, noticed their computers had stopped working. The same happened at the Oil Ministry’s headquarters in Tehran, the capital, according to local news accounts.

A computer virus known as a wiper had been interfering with the ministry’s internal network, removing files from hard drives and taking over computers. Insiders suspected Saudi hackers of carrying out the attacks, though there was no evidence.

Four months later, Saudi Aramco, the largest company in the Saudi Arabia, was hit by a virus that erased data on three-quarters of the company’s computers, replacing everything with an image of a burning American flag. American intelligence officials said the real perpetrator was Iran, although they offered no evidence.



Leave a Reply

You must be logged in to post a comment.