More telltale signs of cyber spying and cyber attacks arise in Middle East (+video)
A Saudi energy company has lately confirmed that its computer networks were targeted by a cyberattack. But perhaps more important is the discovery of Gauss, malware believed to be related to the Stuxnet worm that attacked Iran's nuclear centrifuges in 2009.
More evidence has surfaced that the Middle East has become a cyberspace free-fire zone, with revelations about a destructive new cyberattack on at least one energy company and the exposure of a sophisticated cyberespionage program aimed at Lebanese banks.Skip to next paragraph
Subscribe Today to the Monitor
Saudi Arabia's national oil company, Saudi Aramco, confirms reports that its computer networks were shut down last week by a malware attack. While its business network was impaired, the "interruption has had no impact whatsoever on any of the company’s production operations," Aramco reported on Facebook Aug. 15.
The next day, computer security firm Symantec announced that an energy firm it would not identify had been targeted by malware that made any computer it infected unusable by wiping clean sectors of the hard drive. There has been no reported connection between Saudi Aramco and the Symantec announcement.
The new software attack weapon, dubbed Shamoon by cybersecurity researchers, is the most recent in a series of attacks targeting key infrastructure in the Middle East region. Stuxnet, discovered in 2010, wrecked nuclear centrifuges in Iran, while its brethren, Duqu and Flame, were designed to clandestinely steal network data.
The Saudi Aramco attack and the Symantec report are reminiscent of Iran's claim that its oil terminal facilities were hit in April by a software weapon it called "Wiper." But analysis comparing the Iranian malware with the just-discovered Shamoon weapons shows them to be unrelated in terms of their authorship, according to Kaspersky Labs, a Moscow-based cybersecurity company.
"Our opinion, based on researching several systems attacked by the original Wiper, is that it is not" Shamoon, reported Kaspersky's Global Research & Analysis Team. "It is more likely that this [Shamoon attack] is a copycat, the work of script kiddies inspired by the story." "Script kiddies" are hackers who have little expertise of their own but who slightly modify existing malware.
A group calling itself the Arab Youth Group has claimed responsibility for the Saudi Aramco attack, decrying Saudi leaders for their ties to the US. But the group's claim has not been verified. "This action has been done in order to warn the Saudi rulers," said the group's message posted on pastebin, a website often used by hackers to communicate. "If the rulers of Saudi Arabia continue to betray the nation, [they] will face more severe action."
If the Saudi Aramco cyberattack does not appear to be the work of a top-notch sophisticated team, the same cannot be said for another newly discovered act of cyberespionage, dubbed Gauss. Kaspersky publicly disclosed its existence earlier this month.
Gauss has been linked to a suite of cyberweapons reportedly developed by the United States and Israel to spy on Iran and attack its nuclear infrastructure, Kaspersky researchers who discovered it reported. Stuxnet, Duqu, Flame, and now Gauss share digital features that indicate they were made by the same developer, they conclude.
"After looking at Stuxnet, Duqu, and Flame, we can say with a high degree of certainty that Gauss comes from the same 'factory' or 'factories,' ” states the Kaspersky analysis. "All these attack toolkits represent the high end of nation-state sponsored cyber-espionage and cyberwar operations, pretty much defining the meaning of 'sophisticated malware.' ”