Tag Archives: Middle East

Another Wiper Malware Discovered in Iran?

Yet another Sunday, yet another attack in Middle East.

Iran Wiper StatementMaher Center, the Iranian Computer Emergency Response Team / Coordination Center has just released a scant report concerning another (alleged) cyber attack targeting Iran.

Few information is available so far regarding this new targeted attack. The malware, simple in design and hence apparently unrelated to the other sophisticated cyber attacks targeting the same area, seems to have an efficient design and wiping features. According to the statement, the malware “wipes files on different drives in various predefined times. Despite its simplicity in design, the malware is efficient and can wipe disk partitions and user profile directories without being recognized by anti-virus software“. However, it is not considered to be widely distributed. The report also publishes the MD5s of the five identitified components.

read more

16-30 November 2012 Cyber Attacks Timeline

November has gone and it’s time to review this month’s cyber landscape.

From a Cyber Crime perspective, November 2012 will be probably remembered for the breach to Nationwide, one of the largest insurance and financial services providers in the US, a breach that has potentially left up to 1 million users exposed. Unfortunately, in terms of massive breaches, this is not the only remarkable event of the month, just at the end Acer India has suffered a massive cyber attack culminated in the leak of nearly 15,000 records. Not comparable with the breach that affected Nationwide, but for sure of big impact.

read more

Flambé! U.S. used Facebook and Flame to hack the French President’s Network

According to the French Magazine “L’Express” earlier in May some computers in the offices of former France’s president Nicolas Sarkozy have been victims of a targeted attack carried via a Flame variant.

What is surprising is not (only) the fact that this is the first known case of a Flame infection out of the Middle East, but most of all the fact that the malware was allegedly implanted by U.S. Hackers.

The attack was successful and, according to the French magazine, the attackers were able to get to the heart of French political power, harvesting the computers of close advisers of Nicolas Sarkozy and obtaining “secret notes” and “strategic plans”.

read more

The Middle East Flame is Far from Being Extinguished

Flame

Another day, another revelation inside the (in)visible Cyber War going on Middle East. Today Kaspersky Lab has announced the discovery of another strain of malware derived from the infamous Tilded-Platform family: the little brother of Flame, the so-called miniFlame (or “John”, as named by the corresponding Gauss configuration).

The malware has been discovered while looking closer at the protocol handlers of the Flame C2 Infrastructure. An analysis that had previously revealed four different types of malware clients codenamed SP, SPE, FL and IP, and hence the fragmented evidence of a new family of cyber weapons, where one only element were known at the time the FL client corresponding to Flame.

read more

New Waves of Cyber Attacks in Middle East

The infosec chronicle has offered many interesting events in this first part of October. Upon all, the massive leak against top 100 universities by the infamous Team GhostShell, the Skype worm, and, last but not least, the U.S. congressional report accusing China’s leading telecom equipment makers, Huawei and ZTE, of being a potential security risk.

Inevitably these events are obfuscating what’s going on in Middle East where Iran, on one hand, is facing the latest wave of Cyber Attacks against its internal assets, and on the other hand, claims to have infiltrated the “most sensitive enemy cyber data”.

read more

The Human Targeted Attack To Saudi Aramco

After nearly a month, the Cyber Attack to Saudi Aramco continues to attract the attentions of Infosec Professionals. If you still have doubts about the fact the human beings are the most dangerous forms of targeted attacks, you should read this article by Reuters: according to internal anonymous sources familiar with the company’s investigation (six firms with expertise in hacking attacks have been hired, bringing in dozens of outside experts to investigate the attack and repair computers), one or more insiders with high-level access are suspected of having assisted the hackers who damaged 30,000 computers at Saudi Arabia’s national oil company last month.

read more

The Cradle of Cyber War

Yesterday Bloomberg reported the news of a new cyber attack in Middle East targeting an Oil Company. The latest victim is Ras Laffan Liquefied Natural Gas Co., a Qatari LNG producer that has shut down part of its computer systems targeted by an unidentified malware since Aug. 27.

According to the scant official information available, desktop computers in company offices were the only affected, while operational systems at onshore and offshore installations were immune, with no impact on production or cargoes.

read more

Saudi Aramco Admits 30K workstations affected

Yesterday Saudi Aramco issued a public statement declaring to have fixed most damage and restored all its main internal network services affected by the Cyber Attack occurred on August 15, 2012 (or a “malicious virus” to quote the same term used by the company).

In the same statement, the company has unveiled the real entity of the attack, confirming what was reported in my original blog post: the malicious virus originated from external sources and affected about 30,000 workstations (on a total of 40,000).

read more

The Psychosis of Targeted Attacks

Apparently the “Psychosis of Targeted Attacks” is plaguing not only the end users but even the security researchers, leading to dangerous collisions and clamorous retractions.

Yesterday the security firm FireEye published a blog post about the well-known Gauss targeted attacks, concluding that there was some sort of relationship between the Gauss and Flame malware actors based on observing C&C communication going to the Flame C&C IP address.

Unfortunately they did not realize they were observing the activities of a sinkhole operated by Kaspersky in which the sinkhole process had been organized to monitor both the Flame and Gauss C&C infrastructure.

read more