Iranian Shamoon malware is back after a four-year sabbatical to haunt Saudi Arabia.
The never-ending cyber war between Iran and Saudi Arabia has reached a new height, and so has Iran's use of the Shamoon malware against the Kingdom. The renewed attacks have come after a four-year sabbatical, with what seems like a newer, improved strain of the Shamoon malware. The Saudi government issued a warning notice last month to all telecommunications companies about the detection of the malware attack on many organizations and networks, including government departments.
The 2012 attack was carried out using the original virus. That time Aramco, the state-owned oil producer, was the primary target in what is still one of the most destructive attacks detected. 30,000 or more computers were damaged or destroyed in the attack.
On February 10, the State Department issued a report stating that 75% of Aramco’s computers were compromised in the 2012 attack. The cost was not declared, but the five months it took to mitigate came at “an extreme cost.”
U.S. officials have warned that this orchestrated attack is a renewal of Iran's takeover strategy for the region. Oil-rich Saudi Arabia’s demise could tip the balance away from the U.S. and its regional allies. Other allies, such as Qatar, have also been attacked by malware originating from Iran. Shamoon was used against Rasgas, a Qatari-based gas company.
An internal National Security Agency memo warned of the expansion of Iranian influence in the Middle East through cyber attacks on opposing countries in the region.
The 2013 memo, leaked by the infamous Edward Snowden, stated: “NSA has seen Iran further extending its influence across the Middle East over the last year.”
After the 2012 attack, Saudi officials were given cyber security and technology training by the U.S. government, which had stemmed the attacks. In November, however, a newer version of the malware surfaced in a new cyber attack. Security officials traced this attack back to the hacker group called Greenbug.
Shamoon 2 used fraudulent e-mails in multiple phishing scams to obtain login credentials for Saudi networks. The latest hacks have been linked to two Iranian groups known as “Cadelle and Chafer” in security circles. A cyber security specialist who must remain anonymous explained that, unlike the previous attack, this attack was only designed to damage, which was why Shamoon 2 was not as destructive as the 2012 attack.
The Iranian hackers stole large amounts of data from the computer network. After that, a digital wiping tool was used to remove all data from the devices. In the 2012 attack they left a burning American flag image as a calling card; in the recent attack an image of a dead Syrian refugee boy was left.
Initially, the U.S. targeted Iranian nuclear facilities with cyber attacks using an industrial control software called Stuxnet, which had caused nuclear centrifuges to self-destruct. The NSA believes these attacks are direct retaliation for those attacks.
Many experts believe the ongoing cyber attacks are part of Shiite Iran’s long-term strategy to rid the Islamic world of the Wahhabist dominance and influence exerted by the mainly Sunni Kingdom of Saud. The NSA believes the attacks will continue and even escalate, as Tehran views them as a success so far.
A warning issued by the State Department stated, “Devastating Cyber Attack Program Returns to Saudi Arabia”, further adding, “The increased tensions and unpredictable future between Iran, Saudi Arabia and the U.S. raises the potential for U.S. companies in the region to be future targets for a cyberattack, either with Shamoon or similar malware tuned for destruction rather than corporate espionage or theft.”
The conflict in Yemen has seen the opposing governments backing different sides in the country. The proxy war is being fought by the pro-Saudi government, while Iran is supporting the Houthi militia. The escalation of the war has brought mass civilian casualties, so much so that the Obama administration first ceased its covert drone attacks and then delayed the delivery of precision-guided bomb kits, which were to be used to turn gravity bombs into precision-guided missiles.
Increased awareness of the fatalities in the conflict forced Obama into a controversial policy U-turn, sending Secretary of State John Kerry in to try to negotiate a deal to end the war. Many officials were critical of the outgoing administration’s proposed deal, saying it would be to the detriment of the Saudis while shifting power to Iran.
The Iranian government has stepped up with direct help, sending the Islamic Revolutionary Guard Corps to fight alongside fighters from Iraq fresh from defeating ISIS, Al-Nusra and other terrorist organizations that were operating in Iraq. U.S. officials say the Houthis are now planting sea mines off the coast of Yemen under the guidance of Iran. It is believed the aim of Iran is to create a choke hold first on Bab-el-Mandeb, a widely used shipping lane between the Red Sea, Suez Canal and the Indian Ocean, while using the control it has of the Strait of Hormuz to weaken Saudi Arabian influence in the region.
Recently, a Saudi warship was attacked using a remote-controlled boat loaded with explosives, much like a drone attack except at sea. Due to this ramping up of activity against the U.S. ally, America dispatched the destroyer USS Cole to patrol the regional waters. Warnings have been issued to shipping companies using the regional shipping lanes to check in with the U.S. Navy before proceeding into the area.
It is now reported that the Trump administration is close to lifting the ban on arms sales to the Saudis, and the goal of peace and warmer relations with Iran has been binned.