Pierluigi Paganini March 18, 2018

A new cyber attack against a Saudi petrochemical plant made the headlines, hackers attempted to hit the infrastructure in August.

Do you remember the powerful cyber attack that in 2012 hit computers at Saudi Aramco?

A new cyber attack against a petrochemical plant in Saudi Arabia made the headlines, hackers attempted to hit the infrastructure in August.

The news was reported by the New York Times, hackers hit the petrochemical plant in Saudi Arabia with sabotage purposes, and fortunately, the attack failed only because of a code glitch.

“In August, a petrochemical company with a plant in Saudi Arabia was hit by a new kind of cyberassault. The attack was not designed to simply destroy data or shut down the plant, investigators believe. It was meant to sabotage the firm’s operations and trigger an explosion.” reported The New York Times.

The investigators did not attribute the attack to a specific threat actor, but people interviewed by the NYT under a condition of anonymity explained that the cyber attacks likely aimed to cause a blast that would have guaranteed casualties.

The cyberattack did not have dramatic consequences due to an error in the malicious code that shut down the system instead of destroying it.

The attack seems to be the result of an operation conducted by a foreign government, it is the evidence of a dangerous escalation in international hacking that could inflict serious physical damage.

The NYT said that sources declined to name the company operating the plant as well as the government suspected to have powered the cyber attack.

” the attackers were sophisticated and had plenty of time and resources, an indication that they were most likely supported by a government, according to more than a dozen people, including cybersecurity experts who have looked into the attack and asked not to be identified because of the confidentiality of the continuing investigation.” continues the newspaper.

“The only thing that prevented an explosion was a mistake in the attackers’ computer code, the investigators said.”

Security experts interviewed by the NYT said that due to the level of sophistication of the attack on the Saudi petrochemical plant only a few Government could have baked the offensive, including Iran, China, Russia, Israel and the United States.

The Saudi Arabian Government did not comment the event, its infrastructure is under incessant attacks.

Saudi Arabia was targeted several times by APT, the most clamorous attack was conducted with the Shamoon wiper in 2012 against computers in the Saudi energy sector in 2012.

Computers at Saudi Aramco, one of the world’s biggest oil companies, was disrupted by Shamoon in what is believed to be the country’s worst cyber attack yet.

In the attack against Saudi Aramco Shamoon wipe data on over 30,000 computers and rewrite the hard drive MBR (Master Boot Record) with an image of a burning US flag.

Early 2107, Saudi authorities warned of a new wave of attacks that leveraged the Shamoon 2 malware targeting the country.

In January 2017, the Saudi Arabian labor ministry had been attacked and also a chemical firm reported a network disruption.

On Nov. 2017, 2016, a cyberattack paralyzed a number of computers of Saudi government wiping their hard drives. According to the experts at the Saudi National Cyber Security Centre, the attackers aimed to disrupt government computers.

The attackers leveraged the Powershell, but at the time of writing Government experts it did not comment on the source of the attack.

A few days later, the same attack hit other Saudi targets with the same wiper.

According to the New York Times, the August attack was “much more dangerous” than Shamoon, according to The New York Times, and likely aimed to send a political message — investigators said the code had been custom-built with no obvious financial motive.

“The attack in August was not a Shamoon attack. It was much more dangerous.” continues NYT.

“Investigators believe a nation-state was responsible because there was no obvious profit motive, even though the attack would have required significant financial resources. And the computer code had not been seen in any earlier assaults. Every hacking tool had been custom built.”

The attribution of the attack in this phase is quite impossible, in recent years the tensions between Iran and Saudi Arabia have steadily escalated and the conflict shifted in the cyberspace.

Pierluigi Paganini

(Security Affairs – Saudi petrochemical plant, malware)

[adrotate banner=”5″]

[adrotate banner=”13″]