New Unit 42 Threat Brief: Credential Theft – The Keystone of the Shamoon 2 Attacks.
Unit 42’s continued investigation into Shamoon 2 has unearthed more details into the method by which the threat actors delivered the Disttrack payload.
Read the new Unit 42 Threat Brief for the latest update on Shamoon 2.
Palo Alto Networks Unit 42 threat intelligence team has just released new research that has uncovered a previously unknown second wave of Shamoon 2 attacks: Second Wave of Shamoon 2 Attacks Identified Based on our analysis, these attacks were timed to occur on November 29, 2016, twelve days after the initial Shamoon 2 attacks that
In November 2016, we observed the reemergence of destructive attacks associated with the 2012 Shamoon attack campaign. We covered this attack in detail in our blog titled Shamoon 2: Return of the Disttrack Wiper, which targeted a single organization in Saudi Arabia and was set to wipe systems on November 17, 2016. Since our previous
In August 2012, an attack campaign known as Shamoon targeted a Saudi Arabian energy company to deliver a malware called Disttrack. Disttrack is a multipurpose tool that exhibits worm-like behavior by attempting to spread to other systems on a local network using stolen administrator credentials. More importantly, its claim to fame is the ability to