So, it looks like that the destructive impacts of the cyber attack targeting Aramco, where definitively true. In the same hours in which the first details about the malware were disclosed, Kasperky Lab, McAfee and Symantec have dedicated respectively three blog posts to describe what appears to be the latest example of a large scale cyber attack targeting Middle East (apparently focused on companies belonging to Energy Sector).
Here we are with the statistics from the Cyber Attack Timelines for the first and the second half of July 2012. The sample included 76 attacks which have been analyzed according the three familiar parameters: Motivations behind attacks, Distribution of attacks techniques and Distribution of targets.
Approximately a couple of weeks ago, an Israeli hacker called You-r!-k@n, one of the early contenders of the Middle East Cyber War, had defaced the Iran Energy Water Website. The attack was claimed as a form of cyber protest (and cyber retaliation) against Iranian institutions executed by the same author.
You-r!-k@n keeps on his personal battle against Iran.
The latest target is the official website of Iran Energy Water (tw.org.ir), which has been defaced, showing, in several sections, of the main page, a message against the Iran Nuclear Program and against the recent event in Bulgaria where five Israeli tourists (and their local driver) were killed in a terrorist attack in the Black Sea city of Burgas. At the time of writing the web site is unavailable, showing the well-familiar IIS7 Splash Screen (in spite of the embargo and the alleged Iranian Cyber Autarchy).
From an information security perspective, the second half of June has been characterized by the hacking collective UGNAZI (and its members) and also by an individual hacker: .c0mrade AKA @OfficialComrade.
Both entities have left behind them a long trail of Cyber Attacks against different targets (in several cases the real extent of the attack is uncertain) and with different techniques, although it is likely that the UGNAZI collective will be forced to change the plans after the arrest of the group’s leader, JoshTheGod, nearly at the end of the month (27thof June), effectively they have considerably reduced the rate of their cyber attacks in the second part of the analyzed period.
I have just received an email from the israeli hacker dubbed you-ri-k@n providing me with some details about a peculiar Cyber Attack against an Iranian news web site. Looks like you-ri-k@n has a kind of predilection for Iran: you will probably remember him for his last cyber attack (nearly a couple of months ago) targeting the Iranian Meteorological Organization.
Two months again and the World will assist to the 2012 London Olympic Games. Unfortunately the same is not true for Information Security Professional for which the Olympic Games have started approximately two years ago in Iran, more exactly during the summer of 2010 when the infamous malware Stuxnet (the first 21st Century Cyber Weapon) became public, unleashing its viral power to the entire World.
The day after its discovery, there are few doubts that the infamous malware dubbed Flame (or sKyWIper) has been developed by a government with significant budget and effort. The complexity of the malware suggests that it has been used for a huge cyber-espionage campaign and, easily predictable, Israel is listed as the main culprit, even if in good company if it is true, as argued by some bloggers, that the malware was created by a strict
cooperation coproduction between CIA and Mossad.
After several months of silence, a new resounding dump in Middle East.
I have just received an email message from you-r!-k@n, one of the early pro-Israeli contenders of the Middle East Cyber War, advising me of a new huge dump against an Iranian Server (irimo.ir, Iranian Meteorological Organization), which is currently unavailable. He claims to have acquired administrator privileges for the domain (1500 computers and server, 400 users), and has posted some screenshot as evidence, and the list of 400 Active Directory Users.