Shamoon computer virus variant is lead suspect in hack on oil firm Saipem

SHARE:

© Reuters. FILE PHOTO - A Saipem logo in seen on the bridge of the Saipem 10000 deepwater drillship in Genoa's harbour© Reuters. FILE PHOTO – A Saipem logo in seen on the bridge of the Saipem 10000 deepwater drillship in Genoa's harbour

By Stephen Jewkes and Jim Finkle

MILAN/NEW YORK (Reuters) – A hack on Italian oil services firm Saipem that crippled more than 300 computers was likely caused by a variant of a notorious destructive virus known as Shamoon, the company and two cybersecurity firms said.

Saipem's head of digital and innovation, Mauro Piasere, told Reuters on Wednesday that the firm suspects that a Shamoon variant caused between 300 to 400 computers to stop working in an attack that was disclosed by the company on Monday and primarily affected its servers in the Middle East.

Piasere said the company does not know who was behind the attack.

Use of a Shamoon variant would be significant because related viruses have been used in some of the most damaging attacks in history, beginning in 2012 when it crippled tens of thousands of computers at Middle Eastern energy firms Saudi Aramco and RasGas Co Ltd.

Shamoon resurfaced again in late 2016 in a series of attacks in the Middle East that continued through early 2017, and then went dormant.

"It went dark for a long time and it seems to be back," said Symantec (NASDAQ:SYMC) senior researcher Eric Chien. "The question is whether any others were affected by it."

Security researchers widely believe that people working on behalf of the Iranian government were behind the previous Shamoon attacks, something that Tehran strongly denies. Anti-U.S. imagery was found in the code, researchers have said.

CrowdStrike Vice President of Intelligence Adam Meyers said early technical analysis of the Saipem hack showed similarities with Shamoon and that it was likely Iran was also responsible, though the specific motive was not immediately apparent.

Officials in Iran could not be reached for comment.

Shamoon disables computers by overwriting a crucial file known as the master boot record, making it impossible for devices to start up. Former U.S. Defense Secretary Leon Panetta has said the 2012 Shamoon hack on Saudi Aramco was probably the most destructive cyber attack to date on a private business.

Saudi Aramco is the biggest client of Saipem, one of the world's largest subsea engineering and construction firms, which is controlled by Italian state lender CDP and oil firm Eni.

The Saipem attack knocked out more than 300 servers and dozens of personal computers in Saudi Arabia, the United Arab Emirates, Kuwait, India and Scotland, Piasere said.

No data will be lost because the company had backed up the computers that were affected, he said.

Servers are slowly being brought back on line, though the company is proceeding carefully to prevent further infections, he added.

COMMENTS

Name

Commodities,2649,Economic Indicators,1789,Economy,5553,Forex,1347,Politics,2061,Sports,5825,Stock Markets,10082,Tech,2847,World News,1691,
ltr
item
Business, Financial News and U.S, International Breaking News and more | ReutersHerald: Shamoon computer virus variant is lead suspect in hack on oil firm Saipem
Shamoon computer virus variant is lead suspect in hack on oil firm Saipem
https://i-invdn-com.akamaized.net/trkd-images/LYNXMPEEBB1OD_L.jpg
Business, Financial News and U.S, International Breaking News and more | ReutersHerald
http://www.reutersherald.com/2018/12/shamoon-computer-virus-variant-is-lead.html
http://www.reutersherald.com/
http://www.reutersherald.com/
http://www.reutersherald.com/2018/12/shamoon-computer-virus-variant-is-lead.html
true
7847844249671807439
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy