McAfee released research identifying extensive similarities between the 2012 cyber-attack on the energy sector in Saudi Arabia, called Shamoon, and the latest cyber espionage campaigns in 2016 and 2017.
McAfee released evidence that a series of Shamoon malware campaigns targeting Saudi Arabia are the work of one coordinated force of attackers, rather than that of multiple independent renegade hacker groups.
The company said in its announcement that, “The similarities suggest that the actors behind the attacks are colluding in their development of cyberwarfare and cyber espionage capabilities.”
The research is part of a new McAfee research group, the Strategic Intelligence group, which unveiled key attack indicators of similar cyber-attack campaigns around the world.
“The Strategic Intelligence Group is investigating the technology and tactics of the latest cyberwarfare and cybercrime campaigns as part of McAfee’s commitment to deep threat research, intelligence sharing, combating cybercrime and helping the public and private sectors address today’s most advanced threats,” the company said.
“The Shamoon disclosure surveys the evolution of Shamoon malware campaigns, from the 2012 attacks on the Middle Eastern energy sector, to the latest cyber espionage campaigns of 2016 and 2017,” McAfee said, noting, “Whereas earlier Shamoon campaigns targeted a relatively small number of energy sector organizations to disrupt the operations of the region’s critical energy industry, the more recent attacks focused on a greater number of organizations in the energy, government, financial services and critical infrastructure sectors of Saudi Arabia.”
McAfee said, “The commonalities between these campaigns suggest that, rather than being the product of multiple independent hacker groups, they are more likely the product of one comprehensive cyber espionage operation on the scale one would expect from a serious geopolitical actor. Furthermore, the findings illustrate the arc of the actor’s development and increased sophistication over the last five years. It is the latest evidence that rogue state and stateless actors are developing cyberwarfare and cyber espionage capabilities without which they would otherwise be unable to gain advantages versus major state actors and their extensive conventional military and surveillance capabilities.”
“We strongly believe that the latest threat data must be complemented with a deeper understanding of how today’s advanced cyberattacks operate,” said Raj Samani, Chief Scientist and head of McAfee Strategic Intelligence, the group leading McAfee’s investigative research. “The revelations of this latest research remind us that data can be the difference, but only if we can gain a view into the inner workings of threats, the campaigns they spearhead and the individuals and organizations behind them.”