Tuesday, April 18, 2017

Shamoon2 Overwrites and Attacks Saudi Targets

Wapack Labs' research has uncovered Iranian actors using Shamoon2 against Saudi infrastructure and industry targets. Shamoon2 renders infected systems inoperable by overwriting the Master Boot Record (MBR). The actors responsible are using commercially available kernel drivers, which may indicate a lack of experience with Windows kernel development. However, there is evidence that the malware was designed by reverse engineering malware attributed to a nation-state, suggesting that their skills are improving. Further attacks against Saudi-related targets using the Shamoon family of malware are highly likely...

Wapack Labs has cataloged and reported extensively on malware in the past. An archive of related reporting can be found in the Red Sky Alliance portal.