Shamoon is a notorious data-wiping malware that targeted over 35,000 computer systems owned by Saudi Aramco in 2012. It resurfaced in 2016 and actively targeted a number of other private organizations until January 2017 before becoming inactive again. According to a report, the malware has now made its second comeback, and two variants are in circulation.
A research team from Chronicle, a subsidiary of Google’s parent company Alphabet, revealed that the two new malware variants were discovered on December 10 and uploaded to VirusTotal. One of the malware variants has a trigger date from December 2017, but there have been no reported instances of the Shamoon malware being used in the past year.
Chronicle also revealed that it currently has no evidence linking the new malware to specific attacks that took place in the past year, and the identity of the malware author is unknown as well. However, last week an Italian oil services company suffered a cyber attack, and 300 servers were affected across the world in India, Scotland, Italy and the Middle East. The oil company (Saipem) is currently investigating the incident and has claimed that the Shamoon malware was used. The company is trying to restore its activity after the setback caused by the malware attack.
Because the latest attack targeted an oil company, just like the previous iteration of Shamoon, it is possible that the cyberattacks are being controlled by the same cybercriminals. Investigations are ongoing, and Saipem has yet to release a full report detailing its findings on the recent attack for further analysis by security companies.