Shamoon

Pierluigi Paganini July 03, 2019
US Cyber Command warns of Iran-linked hackers exploiting CVE-2017-11774 Outlook flaw

US Cyber Command posted on Twitter an alert about cyber attacks exploiting the CVE-2017-11774 vulnerability in Outlook. Yesterday I was using Twitter when I noticed the following alert issued by the account managed by the US Cyber Command: The alert refers to an ongoing activity aimed at infecting government networks by exploiting the CVE-2017-11774 Outlook […]

Pierluigi Paganini December 27, 2018
A new Shamoon 3 sample uploaded to VirusTotal from France

A new sample of Shamoon 3 was uploaded on December 23 to the VirusTotal platform from France, it is signed with a Baidu certificate. A new sample of the dreaded Shamoon wiper was uploaded on December 23 to the VirusTotal platform from France. This sample attempt to disguise itself as a system optimization tool developed […]

Pierluigi Paganini December 17, 2018
A second sample of the Shamoon V3 wiper analyzed by the experts

A second sample of the Shamoon wiper was uploaded to Virus total on December 13, from the Netherlands, experts analyzed it. Last week security experts at Chronicle announced the discovery of a new variant of the infamous Shamoon malware, the sample was uploaded to Virus Total from Italy at around the time Italian oil services company […]

Pierluigi Paganini December 12, 2018
A new variant of Shamoon was uploaded to Virus Total while Saipem was under attack

A new variant of the Shamoon malware, aka DistTrack, was uploaded to VirusTotal from Italy this week, but experts haven’t linked it to a specific attack yet. Shamoon was first observed in 2012 when it infected and wiped more than 30,000 systems at Saudi Aramco and other oil companies in the Middle East. Four years later, a […]

Pierluigi Paganini March 18, 2018
Hackers tried to cause a blast at a Saudi petrochemical plant

A new cyber attack against a Saudi petrochemical plant made the headlines, hackers attempted to hit the infrastructure in August. Do you remember the powerful cyber attack that in 2012 hit computers at Saudi Aramco? A new cyber attack against a petrochemical plant in Saudi Arabia made the headlines, hackers attempted to hit the infrastructure in August. […]

Pierluigi Paganini November 24, 2017
Advanced cyber attack hits Saudi Arabia to disrupt government computers

Saudi Arabia announced to have detected an “advanced” cyber attack targeting the kingdom with the intent to disrupt government computers. On Monday, Saudi authorities announced to have detected an “advanced” cyber attack targeting the kingdom. According to the experts at the Saudi National Cyber Security Centre, the attackers aimed to disrupt government computers. The attackers […]

Pierluigi Paganini March 28, 2017
Shamoon 2 – Palo Alto Networks sheds lights on the method for network distribution

Security researchers at Palo Alto Networks have determined that the Shamoon 2 malware uses a rudimentary technique for network distribution. Security researchers at Palo Alto Networks continue to analyze the dreaded Shamoon 2 malware and the recent waves of attacks, now they have determined that the threat uses a rudimentary technique for network distribution. The Shamoon 2 malware […]

Pierluigi Paganini February 26, 2017
Shamoon 2 malware, ASERT has shed light on the C2 and the infection process

The analysis conducted by Arbor Networks on the Shamoon 2 malware has shed light on the control infrastructure and the infection process. Security researchers from Arbor Networks’ Security Engineering and Response Team (ASERT) have conducted a new analysis of the Shamoon 2 malware discovering further details on the tools and techniques used by the threat […]

Pierluigi Paganini February 16, 2017
IBM shares details on the attack chain for the Shamoon malware

Security experts at IBM published a report that includes precious details on the attack chain of the dreader Shamoon cyberweapon. The dreaded Shamoon malware, aka Disttrack, has resurrected and government agencies and threat intelligence firms are investigating the recent strings of attacks leveraging the dangerous disk wiper. We detected the Shamoon malware for the first time in August 15th, […]

Pierluigi Paganini January 24, 2017
Symantec speculates Shamoon 2 attacks aided by Greenbug hackers

Security researchers at Symantec believed that Shamoon 2 attacks leveraged credentials stolen by hackers of the Greenbug group. A few days ago security experts at Palo Alto Networks have spotted a new strain of the Shamoon 2 malware that was targeting virtualization products. In December malware researchers from Palo Alto Networks and Symantec discovered a new variant of Shamoon, so-called […]