Malware News Shamoon Disk-Wiping Malware Re-emerges with Two New Variants

Solarquest

Two new samples of the Shamoon data-wiping malware have been discovered in the wild, after a period of silence that lasted for about two years.

Shamoon was first seen in attacks against the Saudi Aramco oil provider in 2012, when it erased data on more than 35,000 computer systems belonging to the company.

Four years later, it was spotted in attacks against private organizations in the same region that perpetuated until January 2017.

Sample comes with an old trigger date

In a report sent to BleepingComputer, the research team from Chronicle (cybersecurity subsidiary of Google's parent company, Alphabet Inc.) says that the new strains were uploaded to VirusTotal on December 10, from Italy.

One variant of Shamoon that Chronicle is currently investigating has the trigger date and local time set to December 7, 2017, 23:51. The researchers note that this is about one year before it was uploaded to the VirusTotal platform.
"Because of this, it is not known if this sample was used last year or if the actors used an intentional historic trigger date to immediately start destructive operations," the experts note.
...