Executive Perspectives

McAfee Raises the Stakes Against Cyberespionage

On November 17, 2016, Shamoon malware struck once more. As with the first Shamoon assault five years ago, the target was Saudi Arabia. But while earlier attacks focused on critical oil and gas infrastructure, last fall’s campaigns targeted Saudi government institutions, financial services, and other sectors. The objective was to ...

Executive Perspectives

The State of Shamoon: Same Actor, Different Lines

Naming the recent data-wiping attacks in Saudi Arabia as a continuation of the Shamoon campaign suggests that we are dealing with identical malware and procedures. However, there are fundamental differences between the campaigns of 2012 and 2016‒17, and these differences provide a fascinating insight into the development process of the ...

Enterprise Executive Perspectives

Shamoon Returns, Bigger and Badder

In November 2016, we published a blog that drew comparisons between samples that we had received to that of the 2012 ‘Shamoon’ campaign. Since November, there has been a considerable amount of research corroborating our initial assertions, which we have reviewed against our own continuing analysis. We found that the ...

Enterprise

McAfee Strategic Intelligence/Shamoon 2 Q&A Blog

McAfee has linked a series of cyber-attacks in Saudi Arabia to a common malicious actor rather than to individual cyber gangs in the region. McAfee Strategic Intelligence researchers, working closely with McAfee’s Advanced Programs Group, have released evidence that a series of cyber-attacks targeting the Persian Gulf and, specifically, Saudia ...

McAfee Labs

Spotlight on Shamoon

Our analysis this month has pointed to Shamoon emerging in the Middle East. We have recently seen a number of similarities that we had highlighted in our earlier blogs (on mcafee.com). The campaign continues to target organizations in the Middle East from a variety of verticals. Reports suggest that a ...

McAfee Labs

Shamoon Rebooted in Middle East, Part 2

Last week we provided some initial analysis on recent attacks targeting organizations in the Middle East.  The attack has hallmarks of the Shamoon campaign of 2012. We now have additional data related to the components used within the new campaign, which has three distinct components: dropper, wiper, and wiper driver. ...

McAfee Labs

Shamoon Rebooted?

We have recently received notifications and samples from impacted organizations in the Middle East that have hallmarks of the Shamoon campaign from 2012. The main component of these attacks was the usage of a wiper component that, once activated, destroyed the hard disks of infected machines. The initial infection vector ...

Subscribe to McAfee Securing Tomorrow Blogs