Crossroads Blog | Institute National Security and Counterterrorism


In Cyberattack on Saudi Firm, U.S. Sees Iran Firing Back: NYT

On 10/23, Nicole Perlroth reported for the New York Times on a cyberattack against Saudi Aramco, one of Saudi Arabia’s largest oil companies.  That attack was dubbed Shamoon, and it has been widely reported that Iran is the chief suspect behind it.

What exactly is Shamoon, and what did it do? Shamoon was malware that infected the internal networks of Saudi Aramco. According to the NYT article, Shamoon probably gained access to the network after an insider used an infected USB drive. Once distributed throughout the network, Shamoon initiated its more sinister application: Wiper. In what has been called one of “the most destructive acts of computer sabotage on a company to date,” the Wiper function erased all the files on the infected computers and replaced them “with an image of a burning American flag.”

Interestingly, the NYT noted that Flame, a possibly U.S.-backed cyber-espionage malware found trolling around in Iran, also had a wiper function, raising the question of whether Iran was retaliating by using the same wiper function in Shamoon. The article went into more depth on the list of clues pointing to and away from Iran. Regardless, it seems clear that the U.S. believes Iran is responsible.

***

Peter Apps reported for Reuters and also considered Iranian efforts in cyberspace. The article went into some background on recent cyberattacks (Stuxnet, Shamoon, Flame) and the general nature of cyberwar. Moreover, the article covered how the 2009 anti-government protests served as a wake-up call to Iranian leadership on the potential and dangers of cyberspace.
