Last Updated on May 24, 2015
Update August 17: More details about Shamoon, the malware targeting Saudi Aramco and other Middle East companies in the energy sector. Apparently the destructive details unveiled yesterday are confirmed.
Update August 27: Saudi Aramco admits 30K workstations affected.
I have just received a couple of tweets from an unknown user @cyberstrikenews providing more details about the latest cyber attack in the Middle East targeting Saudi Arabian Oil Company (Saudi Aramco).
https://twitter.com/cyberstrikenews/status/236036148097601536
The oil company declared that “production had not been affected” and that, although the virus affected some computers, it did not penetrate key components of the network. The company also said it would return to normal operating mode soon.
From the information I have received (I cannot verify the integrity of the source, so I report the data integrally), the situation appears quite different:
- The company has about 40000 computer clients and about 2000 servers; the destructive virus was known to wipe all information and operating system related files in at least 30000 (75%) of them, with all data lost permanently.
- Among the servers which (were) destroyed are the company's main web server, mail server (SMTP and Exchange), and the domain controller, which is the central part of their network.
- All clients are permanently shut down and they will not be able to recover them in a short period.
- The main company web site (www.aramco.com) was down for 24 hours and at last they redirected it to an outside-country web site called “www.saudiaramco.com”.
Apparently the web site has just been restored to normal operation redirecting the user to Saudi Aramco.
After Stuxnet, Duqu, Flame and Gauss, yet another confirmation that there is no cyber peace in the Middle East!
This is weak compared to the next attack more closely designed off of Stuxnet, foolishly not self-destructive by the Israelis (8200 unit) and NSA engineers. The next attack must have defenses in place: flash drives removed wherever you can and where you can’t, then physically locked flash drives. Digital signed code. The future attack can have a payload that physically destroys equipment…have backup equipment at hand to replace, despite the cost. NSA has to protect you as it does power grid in America and NSA has to protect banks and backbones and nuclear facilities. Defense is not hard; deterrence is impossible. Once Bluffdale operates we are all safer against the nuclear digital weapon now out there in the wild…making botnets look like a bow and arrow.
The problem is contributed to the current management as they are the worst one that is putting a lot of pressure on the employees.