Saudi Arabia warns on cyber defense as Shamoon resurfaces
Saudi Arabia on Monday warned organisations in the kingdom to be on the alert for the Shamoon virus, which cripples computers by wiping their disks, as the labour ministry said it had been attacked and a chemicals firm reported a network disruption.
An alert from the telecoms authority seen by Reuters advised all parties to be vigilant for attacks from the Shamoon 2 variant of the virus that in 2012 crippled tens of thousands of computers at oil giant Saudi Aramco.
Shamoon disrupts computers by overwriting the master boot record, making it impossible for them to start up. Former US Defense Secretary Leon Panetta said the 2012 Shamoon attack on Saudi Aramco was probably the most destructive cyber attack on a private business.
In the 2012 hacks, images of a burning US flag were used to overwrite the drives of victims including Saudi Aramco and RasGas Co Ltd. In the recent attacks, an image of the body of 3-year-old drowned Syrian refugee Alan Kurdi was used, according to US security researchers.
The Shamoon hackers were likely working on behalf of the Iranian government in the 2012 campaign and the more-recent attacks, said Adam Meyers, vice president with cyber security firm CrowdStrike. "It's likely they will continue," he said.
State-controlled Al Ekhbariya TV said on Twitter, using the hashtag #Shamoon, that several Saudi organisations had been targeted in recent cyber attacks.
The state news agency, meanwhile, said the labour ministry had been hit by a cyber attack, but that it did not impact its data.
Jubail-based Sadara Chemical Co, a joint venture firm owned by Saudi Aramco and US company Dow Chemical, said it had experienced a network disruption on Monday morning and was working to resolve the issue.
The company made the disclosure on its official Twitter account after the warning by Al Ekhbariya TV, which cited the telecoms authority.
It did not say whether the disruption was due to a cyber attack but said as a precautionary measure it had stopped all services related to the network.
Other companies in Jubail, the hub of the Saudi petrochemicals industry, also experienced network disruptions, according to sources who were not authorised to publicly discuss the matter.
Those companies sought to protect themselves from the virus by shutting down their networks, said the sources, who declined to identify specific firms.