Threat Brief: Second Wave of Shamoon 2 Attacks Reveal Possible New Tactic

Palo Alto Networks Unit 42 threat intelligence team has just released new research that has uncovered a previously unknown second wave of Shamoon 2 attacks: Second Wave of Shamoon 2 Attacks Identified Based on our analysis, these attacks were timed to occur on November 29, 2016, twelve days after the initial Shamoon 2 attacks that

Second Wave of Shamoon 2 Attacks Identified

In November 2016, we observed the reemergence of destructive attacks associated with the 2012 Shamoon attack campaign. We covered this attack in detail in our blog titled Shamoon 2: Return of the Disttrack Wiper, which targeted a single organization in Saudi Arabia and was set to wipe systems on November 17, 2016. Since our previous

Shamoon 2: Return of the Disttrack Wiper

In August 2012, an attack campaign known as Shamoon targeted a Saudi Arabian energy company to deliver a malware called Disttrack. Disttrack is a multipurpose tool that exhibits worm-like behavior by attempting to spread to other systems on a local network using stolen administrator credentials. More importantly, its claim to fame is the ability to

Get updates on Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit 42

Follow us on