Search Results: Shamoon

Beginning in November 2016, Kaspersky Lab observed a new wave of wiper attacks directed at multiple targets in the Middle East. The malware used in the new attacks was a variant of the infamous Shamoon worm that targeted Saudi Aramco and Rasgas back in 2012.

There have been persistent media reports that the Shamoon wiper malware we previously covered is linked to attacks against Saudi Aramco. The hardcoded date in the body of destructor matches exactly the declaration by a hacker group about the date and time when the Saudi Aramco company would had been hit but we still cannot

We continue to analyse the Shamoon malware. This blog contains information about the internals of the malicious samples involved in this campaign.

Earlier today, we received an interesting collection of samples from colleagues at another anti-malware company. The samples are especially interesting because they contain a module with the following string: C:ShamoonArabianGulfwiperreleasewiper.pdb Of course, the ‘wiper’ reference immediately reminds us of the Iranian computer-wiping incidents from April 2012 that led to the discovery of Flame. The malware

In this part of the malware report we discuss the most remarkable findings of Q3 2024, including APT and hacktivist attacks, ransomware, stealers, macOS malware and so on.

An investigation of BlackJack’s software, TTPs, and motivations led Kaspersky experts to identify a possible connection with the Twelve group.

Analysis of Twelve’s activities using the Unified Kill Chain method: from initial access to deployment of LockBit- and Chaos-based ransomware and wipers.

Kaspersky experts make their predictions about ICS and OT threats: specifically, ransomware and hacktivist attacks, threats to logistics and transportation, etc.

In this report, we compare the ROADSWEEP ransomware and ZEROCLEARE wiper versions used in two waves of attacks against Albanian government organizations.

Cyberspace conflicts can take a vast number of forms, but in the context of this article, we will only focus on two of them: cyber-warfare for intelligence purposes, and sabotage and interference with strategic systems in order to hinder a state’s ability to govern or project power.

By investigating a number of targeted ransomware attacks and through discussions with some of our trusted industry partners, we feel that we now have a good grasp on how the ransomware ecosystem is structured.

The two hours of our first “GReAT Ideas. Powered by SAS” session were not enough for answering all of the questions raised, therefore we try to answer them below.

For more than two years, the Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat (APT) activity. This is our latest installment, focusing on activities that we observed during Q1 2020.

If you read my previous blogpost, “Hunting APTs with YARA” then you probably know about the webinar we’ve done on March 31, 2020, After it we received a number of interesting questions and as I promised, I will try to answer them below.

The end of the year is a good time to take stock of the main cyberthreat incidents that took place over the preceding 12 months or so. To reflect on the impact these events had on organizations and individuals, and consider what they could mean for the overall evolution of the threat landscape.