Enlarge (credit score: William Warby)
Shamoon—the mysterious disk wiper that popped up out nowhere in 2012 and took out more than 35,000 computers in a Saudi Arabian-owned gas company earlier than disappearing—is again. Its new, meaner design has been unleashed three time since November. What's extra, a brand new wiper developed in the identical fashion as Shamoon has been found focusing on a petroleum firm in Europe, the place wipers used within the Center East haven't beforehand been seen.
Researchers from Moscow-based antivirus supplier Kaspersky Lab have dubbed the brand new wiper "StoneDrill." They discovered it whereas they had been researching the trio of Shamoon assaults, which occurred on two dates in November and one date in late January. The refurbished Shamoon 2.zero added new instruments and strategies, together with much less reliance on exterior command-and-control servers, a completely useful ransomware module, and new 32-bit and 64-bit parts.
StoneDrill, in the meantime, options a powerful capacity to evade detection by, amongst different issues, forgoing using disk drivers throughout set up. To perform this, it injects a wiping module into the pc reminiscence related to the person's most well-liked browser. StoneDrill additionally contains backdoor features which are used for espionage functions. Kaspersky researchers discovered 4 command-and-control panels that the attackers used to steal information from an unknown variety of targets. Apart from sharing code similarities with Shamoon, StoneDrill additionally reuses code utilized in an espionage campaign dubbed "NewsBeef," which focused organizations world wide.
Read 6 remaining paragraphs | Comments
Niciun comentariu:
Trimiteți un comentariu