What did the Shamoon virus do?

Shamoon was designed to erase and overwrite hard drive data with a corrupted image and report the addresses of infected computers back to a computer inside the company’s network. The malware had a logic bomb which triggered the master boot record and data-wiping payload at 11:08 am local time on Wednesday, August 15.

Who was Shamoon?

Shamoon, also called W32.Disttrack, is a computer virus that has been used for cyber espionage, particularly in the energy sector. The malware was first discovered in August 2012, when it compromised thousands of computers in Saudi Arabia. An attacker launches Shamoon on a network.

Who was behind Saudi Aramco cyber attack?

The attack forced Aramco to shut down its network and destroy over 30,000 computers. U.S. officials later blamed that attack on Iran, whose nuclear enrichment program had just been targeted by the Stuxnet virus, likely an American and Israeli creation.

Why was the Saudi Aramco cyberattack significant?

In 2012, Saudi Arabia blamed unidentified people based outside the kingdom for a hack against the oil giant that aimed to disrupt production from the world’s largest exporter of crude. The so-called “spear-phishing” assault destroyed more than 30,000 computers within hours.

Who was responsible for Shamoon?

The Shamoon data-wiping malware is believed to be the work of Iranian hackers. Researchers say the Iranian hacker group APT33 is responsible for recent attacks in the Middle East and Europe. A spate of recent attacks involving the Shamoon data-wiper malware family has been attributed to the Iranian hacking group APT33.

Who created Shamoon?

Shamoon is wiper malware that was first used by an Iranian group known as the “Cutting Sword of Justice” in 2012. Other versions known as Shamoon 2 and Shamoon 3 were observed in 2016 and 2018. Shamoon has also been seen leveraging RawDisk and Filerase to carry out data wiping tasks.

How long did it take for Saudi Aramco to recover from Shamoon?

Seventeen days.

In 2012, the Saudi Arabian Oil Company was struck by a computer virus which enabled the attackers to compromise 35,000 Windows-based computers (Bronk and Tikk-Ringas 2013). It took seventeen days to fully restore its network and recover from disruption. …