U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

APT

Advanced cyber attack hits Saudi Arabia to disrupt government computers

Saudi Arabia announced to have detected an “advanced” cyber attack targeting the kingdom with the intent to disrupt government computers. On Monday, Saudi authorities announced to have detected an “advanced” cyber attack targeting the kingdom. According to the experts at the Saudi National Cyber Security Centre, the attackers aimed to disrupt government computers. The attackers […]

TortoiseShell

FILE- In this Monday, Oct. 6, 2003 file photo, Saudi Arabian capital Riyadh with the ‘Kingdom Tower’ photographed through a window of the ‘Al-Faislia Tower’ in the Saudi Arabian capital Riyadh. Saudi Arabia’s stock exchange has opened up to direct foreign investment for the first time. The decision to open up the Tadawul stock exchange on Monday comes at a crucial time for Saudi Arabia, whose revenue has taken a hit from the plunge in oil prices over the past year. The kingdom is the world’s largest exporter of crude. (AP Photo/Markus Schreiber, File)

Saudi Arabia announced to have detected an “advanced” cyber attack targeting the kingdom with the intent to disrupt government computers.

On Monday, Saudi authorities announced to have detected an “advanced” cyber attack targeting the kingdom. According to the experts at the Saudi National Cyber Security Centre, the attackers aimed to disrupt government computers.

The attackers leveraged the Powershell, but at the time of writing Government experts it did not comment on the source of the attack.

PowerShell is extremely powerful and that attackers are increasingly using it in their attack methods. PowerShell is a default package that comes with Microsoft Windows OS and hence it is readily available on the victim machines to exploit.

“Powershell is Predominantly used as a downloader”

The most prominent use of PowerShell, that is observed in the attacks in-the-wild, is to download the malicious file from the remote locations to the victim machine and execute it using commands like Start-ProcessInvoke-Item OR Invoke-Expression (-IEX) file OR downloading the content of the remote file directly into the memory of the victim machine and execute it from there.

Back to the attacks that hit Saudi computers, the NCSC speculates the involvement of an APT that used spear phishing attacks to infiltrate computers in the Kingdom.

“The NCSC has detected a new Advanced Persistent Threat (APT) that is targeting Saudi Arabia,” the agency said in a statement.

Saudi Arabia was targeted several times by APT, the most clamorous attack was conducted with the Shamoon wiper in 2012 against computers in the Saudi energy sector in 2012.

Computers at Saudi Aramco, one of the world’s biggest oil companies, was disrupted by Shamoon in what is believed to be the country’s worst cyber attack yet.

In the attack against Saudi Aramco Shamoon wipe data on over 30,000 computers and rewrite the hard drive MBR (Master Boot Record) with an image of a burning US flag.

The first team that discovered the malware was Kaspersky Lab that had analyzed some instances of the threat linked to the “wiper agent” due to the presence of a module of a string with a name that includes “wiper” as part of it.

Early this year, Saudi authorities warned of a new wave of attacks that leveraged the Shamoon 2 malware targeting the country.

In January, the Saudi Arabian labor ministry had been attacked and also a chemical firm reported a network disruption.

shamoon Saudi Arabia

According to security experts, the threat actor behind the Shamoon attacks was likely working on behalf of the Iranian government in 2012.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – Malware, Saudi Arabia)

[adrotate banner=”5″]

[adrotate banner=”13″]