State-sponsored hackers have reportedly conducted a series of destructive malware attacks on Saudi Arabia over the last two weeks, including erasing data and wreaking havoc in the computer banks of the agency running the country’s airports and hitting five additional targets, Bloomberg reports.
U.S. security firms said that a version of Shamoon, the computer virus that crippled tens of thousands of computers at Middle Eastern energy companies four years ago, was used in mid-November to attack computers in Saudi Arabia and elsewhere in the region, according Reuters.
Security firms CrowdStrike, Palo Alto Networks Inc and Symantec Corp. did not name any victims of the new version of Shamoon, which cripples computers by wiping their master boot records that they use to start up, and also did not say how much damage had been caused or identify the hackers, Reuters reports.
Saudi authorities contacted by Bloomberg said that “several” government agencies were targeted in attacks that came from outside the kingdom but provided few other details as a probe is still in its early stages.
The sources cited by Bloomberg said digital evidence “suggests the attacks emanated from Iran. That could present President-elect Donald Trump with a major national security challenge as he steps into the Oval Office.”
Symantec’s blog said Shamoon’s “surprise comeback” was a strikingly similar version of the malware from four years ago. “Although attacks involving destructive malware such as Shamoon are relatively rare, they can be highly disruptive for the targeted organization, potentially knocking mission-critical computers offline.”
“The attackers appear to have done a significant amount of preparatory work for the operation. The malware was configured with passwords that appear to have been stolen from the targeted organizations and were likely used to allow the threat to spread across a targeted organization’s network. How the attackers obtained the stolen credentials is unknown,” Symantec said.