Following the attack using the Shamoon virus in Saudi Arabia in November of 2012, there is a new attack in the Middle East that involves the destructive disk-wiping malware used by the Shamoon group.

The security company Symantec, which is investigating the attacks, reported that the attack uses the Disttrack malware as its destructive payload. While the malware can wipe systems, it needed other means to infiltrate organizations' networks.

Disttrack, used by the original Shamoon, is a disk-wiping malware that became widely known in 2012, when it damaged 35,000 computers belonging to the Saudi Aramco oil and natural gas company. The attack also affected other critical infrastructure companies in Saudi Arabia, such as RasGas, one of the world's largest producers of liquefied petroleum gas, and the first Saudi Arabian petrochemical company, Saudi Arabian Fertilizer Company (SAFCO).

The new attack, which used the latest version, Shamoon 2, targeted organizations in Saudi Arabia, including the country's General Civil Aviation Authority (GACA).

The first wave of Shamoon 2 attacks was launched on November 17, with a second wave launched on November 29. The attacks, which some have attributed to Iran, relied on the Disttrack malware to automatically begin wiping the infected systems at a specified time.

The malware was planted on target systems using stolen credentials, and Symantec believes that the credentials may have been obtained in a previous attack launched by a threat actor called Greenbug. Symantec first discovered the cyber-espionage group Greenbug during its investigation into the original Shamoon attack.

This cyber-espionage group has used a remote access Trojan (RAT) called Ismdoor, along with other tools, in attacks targeting organizations in the Middle East. The attackers mainly targeted aviation, investment, government and education organizations in several countries, including Saudi Arabia, Iran, Iraq, Bahrain, Qatar, Kuwait and Turkey, and a Saudi Arabian company in Australia.

Although there is no concrete evidence to prove the link between Greenbug and Shamoon, Symantec determined that Greenbug could have provided Shamoon with the credentials for the attacks, after detecting an Ismdoor infection on an administrator's computer at one of the organizations attacked by Disttrack.



About the author: Eduardo Kando, WiseGroup Manager