Shamoon 2.0 and StoneDrill are separate campaigns, but target the same country
The complex, destructive cyberattacks launched against Saudi Arabian businesses and government organizations in recent months are likely coming from at least two separate groups with aligned interests, according to a group of cybersecurity intelligence and research professionals. Based on newly released forensic evidence unearthed by Kaspersky Lab’s Global Research and Analysis Team, data destroying malware known respectively as Shamoon 2.0 and StoneDrill has been located in computers stationed in Saudi Arabia. Beginning in Nov. 2016, researchers say there’s been three different “waves” of Shamoon 2.0 hitting computers in Saudi Arabia — executed twice in November and most recently on Jan. 23. According to the Saudi National Cyber Security Center, Shamoon 2.0 has so far infected 11 organizations. Multiple reports attribute Shamoon 2.0 to Iranian government hackers, though Kaspersky Lab does not provide attribution. “The Iranian attacks are probably a consequence of their incredibly strained relations,” said John Hultquist, iSight’s director of espionage analysis. “Tensions rose from a stampede which […]
The post Shamoon 2.0 and StoneDrill are separate campaigns, but target the same country appeared first on Cyberscoop.
Continue reading Shamoon 2.0 and StoneDrill are separate campaigns, but target the same country