back to article Because I'm bad, I'm bad, Shamoon: PC wiper tried to shut down Saudi snapshot defences

Security researchers have identified a second wave of Shamoon 2 PC-wiping attacks against a further target in Saudi Arabia last November. The new research shows hackers upping the ante and developing more sophisticated, multi-stage attacks. The original Shamoon attack hobbled the network of Saudi Aramco in 2012. Similar …

  1. Anonymous Coward
    Anonymous Coward

    Russian proxy is attacking American servant :-)

    1. Anonymous Coward
      Anonymous Coward

      I think you'll find the US is a servant of Saudi. What with all that black stuff underground.

      1. adnim

        Mutually unethical

        No noise about human rights abuse.

        Plenty of oil bought.

        Plenty of weapons sold.

      2. This post has been deleted by its author

  2. Stevie Silver badge


    I can think of more likely culprits than Iran, state actors with "form", if the spin I'm gtting is in any way, shape or form some approximation of the truth.

    I'll wait over here wearing the pointy hat until you all stop laughing.

    1. John Smith 19 Gold badge

      " can think of more likely culprits than Iran, state actors with "form", "


      Anyone who does not like their second biggest export.

  3. Anonymous Coward
    IT Angle

    Shamoon PC-wiping PC-wiping malware

    "The second malware payload .. met Windows password complexity requirements"

    The solution being to ban Windows passwords from your computer network.

  4. phuzz Silver badge

    So the attackers are using credentials they presumably stole in their first attack. Are they really expecting that Saudi Aramco wouldn't change all their passwords? They did change all their passwords right?

    1. Crazy Operations Guy

      Seems like the answer is "no"...

  5. Version 1.0 Silver badge

    Gone in 60 seconds

    My impression of Saudi security is that any contact with their email systems results in a maniac amount of spam arriving within days, not weeks. This suggests to me that their entire network is infested with malware at a simple commercial spam/hack level so what it looks like to a nation-state level attack I dread to think.

  6. Crazy Operations Guy

    When will people learn?


    The only thing that should be considered a proper backup is data that has been written to WORM media and has been confirmed good, anything else is worthless for the purpose of backing things up.

    While we're at it, RAID is not backup, neither is Disk-to-Disk (useful as -part- of a backup system, but should never be the sole backup strategy).

  7. This post has been deleted by a moderator

  8. sitta_europea Silver badge

    VDI = Virtual Disc Image

  9. GingerOne

    Why do the Americans still insist on blaming Iran for everything? There has been no conclusive proof that Iran have been behind any of these 'attacks'. And, despite what they would have you believe not one single Islamic Terrorist attacking the good ol' US of A has come from Iran.

    Isreal on the other hand, they love some cyber warfare, attacking Iran as they did with Stuxnet and as for Saudi Arabia, they actually breed terrorists.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021