Shamoon 2 Attacks Continue To Spread

Security specialists have discovered a new, ongoing Shamoon 2 malware attack campaign. Continue reading to learn more about the threat.

Shamoon 2 Malware Hits Again


Security experts from Palo Alto Networks detected a new attack wave of the Shamoon 2 malware, which has been used in various large-scale campaigns. According to the technical analysis of the virus, the new version targets various virtualization products. The recent attacks were configured to wipe the contents of the infected machines at 1:30 AM Saudi Arabia time on November 29, 2016. The first strain of the malware used a default configuration file that allowed the disk wiping module to be activated at 8:45 pm local time on November 17.

According to the security reports, the criminal operators of the new attack wave use stolen credentials and compromised machines to deliver the virus to the target hosts. It is possible that the targets are provided by the cyber espionage group known as Greenbug. Symantec experts warn that the hacker collective targets a range of organizations in the Middle East, including companies in the investment, aviation, energy, government and education sectors. The Greenbug hackers use alternate data streams (ADS) to avoid detection by security countermeasures. These are attributes in the NTFS file system which are used by the Microsoft Windows operating system and its associated programs.
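Because alternate data streams do not appear in a normal directory listing, defenders usually have to enumerate them explicitly. The following added example (not code from the article or from the cited researchers) parses the output of the Windows `dir /R` command collected from a host and reports every named stream that is not on an allowlist. The allowlist, the function name and the sample listing are assumptions of this example, and the parser expects English-locale output.

```python
import re

# Streams Windows itself routinely attaches; anything else deserves a look.
# (This allowlist is an assumption of the example; extend it per environment.)
BENIGN_STREAMS = {"Zone.Identifier"}

DIR_HEADER = re.compile(r"^\s*Directory of (.+?)\s*$")
# `dir /R` prints each named stream on its own line, without a date:
#   <size> <file name>:<stream name>:$DATA
STREAM_LINE = re.compile(r"^\s+([\d,.]+)\s+(.+?):([^:\\/]+):\$DATA\s*$")


def find_suspicious_streams(dir_r_output, benign=BENIGN_STREAMS):
    """Return (path, stream, size) for each named stream not on the allowlist."""
    allowed = {name.lower() for name in benign}
    findings = []
    current_dir = ""
    for line in dir_r_output.splitlines():
        header = DIR_HEADER.match(line)
        if header:
            current_dir = header.group(1).rstrip("\\")
            continue
        match = STREAM_LINE.match(line)
        if not match:
            continue  # ordinary file entry, summary line or blank line
        size = int(re.sub(r"\D", "", match.group(1)))  # drop separators
        name, stream = match.group(2), match.group(3)
        if stream.lower() in allowed:
            continue
        findings.append((current_dir + "\\" + name, stream, size))
    return findings


# Constructed sample of `dir /R` output (not taken from any real incident).
SAMPLE = r"""
 Directory of C:\Users\analyst\Documents

01/25/2017  10:10 AM            24,576 report.docx
                                    26 report.docx:Zone.Identifier:$DATA
01/25/2017  10:11 AM                12 notes.txt
                               184,320 notes.txt:hidden.bin:$DATA
"""

if __name__ == "__main__":
    for path, stream, size in find_suspicious_streams(SAMPLE):
        print(f"{path} carries stream '{stream}' ({size} bytes)")
```

A large stream attached to a small text file, as in the constructed sample, is the kind of mismatch worth escalating for review.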

Its members use a custom data-stealing remote access Trojan known as Ismdoor and related hacker tools to steal account credentials from the targets. The infection methods used include email spam messages and various phishing attempts. Various security researchers propose that there is a possible link between the Ismdoor and Shamoon attack waves.

On the 23rd of January the Saudi Arabian Labor Ministry stated that it had been attacked by a computer security threat. Another victim was a major chemical company; both entities reported network disruptions. No data impact was reported. It is very possible that these two attacks were caused by the combination of the dangerous malware controlled by Greenbug.

Saudi Arabia’s CERT Team (Computer Emergency Response Team) warned that at least 22 institutions were affected by the recent waves of the Shamoon malware.


Author : Martin Beltov

Martin graduated with a degree in Publishing from Sofia University. As a cyber security enthusiast he enjoys writing about the latest threats and mechanisms of intrusion.

