Disk-nuking malware takes out Saudi Arabian gear. Yeah, wipe that smirk off your face, Iran

At least 15 Saudi government offices and private companies have been hit by another wave of attacks from Shamoon 2 malware that leaves hard drives completely erased. Shamoon 2 first surfaced in 2012, when it was used in a highly targeted attack against Saudi Aramco, the desert state's oil company that pumps 10 per cent of the …

  1. Brian Miller

    Can haz tapes?

    I read a while back that Google was the #1 buyer of magnetic tape. I wonder if the Saudis bothered to splash some cash on backups.

  2. Anonymous South African Coward Bronze badge

    tit for tat format c: ?

    1. Destroy All Monsters Silver badge

      The only way to win is not to mount.

  3. poohbear

    "The motive for the attacks isn't known, but the malware is thought to be the creation of Iranian state-sponsored hackers. There is speculation that this latest Saudi infection might be retaliation for hacking against Iranian petrochemical facilities."

    "Thought" and "speculated" by who? Sources would be nice.

    I hope ElReg is not now part of some propaganda war.

    1. Wiltshire

      "Thought" and "speculated" are euphemisms for something for sure.

      Like Al Beeb's "the BBC has learned". It sounds more authoritative and objective than "somebody just told me"

      1. DropBear

        Perhaps we should then agree on a suitable set of euphemisms to unequivocally distinguish "we're not saying it was them but technically it totally was them, 110%, on good authority" and "the idea has been floated around by various entities without half a clue but plenty of agenda" without having to articulate either of those explicitly. Right now they're kinda blurring together...

      2. Anonymous Coward
        Anonymous Coward

        "the BBC has learned"

        Actually is more likely to be "the BBC can exclusively reveal" nowadays ..... normally followed by "and there is more on this in Panorama at 9pm on BBC1" as they subtly replace news reports by trailers for TV programs

        1. crayon

          "the BBC can exclusively reveal"

          Can you have exclusive tweets? That's where the BBC seem to be getting their news these days.

      3. joea

        Ah, well . . .

        While that may be so in this case, that is a dangerous presumption, generally. I'm sure no explanation is required.

    2. Voland's right hand Silver badge

      This is well known as: "One (well informed) birdie told me so".

      Attacks like this usually leave no traces so it is all conjectures based on target choice and "who will benefit from this".

  4. Wiltshire

    "Irregular commands by a virus may cause danger."

    Err, regular commands by a virus cause something else?

    Or just lost in translation?

    1. chivo243 Silver badge
      Coat

      "Irregular commands by a virus may cause danger." Insert your Lost in Space Will Robinson joke here!

  5. John Smith 19 Gold badge
    Unhappy

    Once the US and Israel sent out Stuxnet everyone felt they could play this game.

    And it looks like everyone will.

    Pro tip from "Zero days." There are no air-gapped systems.

    Although you'd figure the Saudi oil and petrochems industries would try quite hard to keep their guards up, given how big a chunk of their economy is invested in them.

    In some senses it does not matter where the threat originated. Planning for it (and what to do when, not if it happens) really should be part of all business continuity plans. A big business has a lot to lose, and they are both big businesses

    1. Khaptain Silver badge

      Re: Once the US and Israel sent out Stuxnet everyone felt they could play this game.

      Do the Saudis actually administer their systems or are expats doing it for them...

      If it's expats then I would "presume" that they do actually have some kind of BCP/DRP in place, it's not like there are too many budgetary restraints.

    2. Anonymous Coward
      Anonymous Coward

      Re: Once the US and Israel sent out Stuxnet everyone felt they could play this game.

      Although you'd figure the Saudi oil and petrochems industries would try quite hard to keep their guards up, given how big a chunk of their economy is invested in them.

      There is no "You can keep your guard up" if everything you do is bought. There is sub-1% of Saudis in their IT and Petrochem. The rest are foreign contractors. Mercenaries. While this is a problem around the Gulf in general, Saudi are probably the worst, followed closely by Kuwait. Emirates, Qatar, Oman, Bahrain have managed to build some education systems and create a pool of locals with suitable education. It is not big, but there are some in key places. Compared to that Saudi is all "buy more of these slaves, and gimme a kickback".

      So breaching the air gap becomes simply a matter of following the classic quote from Kusturica's "Time of The Gypsies": "As our Bulgarian friends say, what cannot be bought with money, can be bought with lots of money".

    3. Anonymous Coward
      Anonymous Coward

      Re: Once the US and Israel sent out Stuxnet everyone felt they could play this game.

      "you'd figure the Saudi oil and petrochems industries would try quite hard to keep their guards up"

      More likely some functionary brought in a USB stick that he'd earlier downloaded porn at home onto.

    4. Anonymous Coward
      Anonymous Coward

      Re: Once the US and Israel sent out Stuxnet everyone felt they could play this game.

      The Zero Days reference I presume is the BBC Storyville documentary?

      http://www.bbc.co.uk/iplayer/episode/b08bcc18/storyville-zero-days-nuclear-cyber-sabotage

  6. Anonymous Blowhard

    So what's the Saudi punishment for hacking? Cut off their broadband?

  7. Anonymous Coward
    Terminator

    Shamoon 2 used in highly targeted attack against Microsoft™ Windows©

    "Shamoon 2 used in highly targeted attack against Saudi Aramco"

    "Shamoon 2.0 .. tries to access the ADMIN$, C$\Windows, D$\Windows, and E$\Windows shares on the target systems with current privileges." ref ref ref

  8. chivo243 Silver badge
    Headmaster

    Not getting out much?

    "If this latest attack on Saudi Arabia is retaliation, then it appears we could be seeing the first nation-to-nation cyberwar."

    C'mon, aren't the Koreas constantly in a cyberbicker? US and their old friends the Russians? And the Chinese and the....._______ aw just fill in the blank already.

  9. Trumpet Winsock

    Shamoon 2.0

    Sounds like a Maroon 5 tribute band...

    1. Tom_

      Re: Shamoon 2.0

      Awful?

  10. Anonymous Coward
    Anonymous Coward

    "Shamoon"?

    Is this evidence that Michael Jackson is alive and secretly faked his own death to work on malware?
