Shamoon

Malware updated 22 days ago (2024-09-25T14:01:18.255Z)
Shamoon is a notorious wiper malware known for its destructive capabilities. It first gained significant attention in 2012, when it was used in a crippling attack on Saudi Aramco that damaged around 30,000 systems within the company. Iran's Islamic Revolutionary Guard Corps (IRGC) has been associated with this disruptive attack, which targeted oil and gas companies in Saudi Arabia and Qatar.

The Shamoon wiper has since been widely available on open-source platforms such as GitHub, allowing various threat actors to use it in their malicious activities. The BlackJack group and the Twelve group are two such entities that have used versions of Shamoon in their attacks. Notably, both groups have employed a version of Shamoon rewritten in Go, which differs from the original C# variant, and this shared use of the rewritten version supports the connection between them. Both groups also deploy Shamoon or its components identically, placing them in the same directories. KSN data further reveals that a specific variant of Shamoon involved in BlackJack group attacks was also observed in some Twelve group attacks.

One victim of Shamoon in Saudi Arabia had previously been attacked by another group, Elfin, and infected with the Stonedrill malware. Elfin is known to use Trojan.Stonedrill in its operations. Despite the complexity of some of these attacks, many threat actors do not need sophisticated wipers to be effective, as Shamoon and AcidRain demonstrate. AutoFocus customers can monitor this and previous Shamoon attacks using the Disttrack tag.
Description last updated: 2024-09-25T13:15:48.214Z
Aliases
We are not currently tracking any aliases
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Wiper
Malware
Windows
Iran
Associated Malware
Alias Description: The Stuxnet Malware is associated with Shamoon. Stuxnet, discovered in 2010, is one of the most notorious malware attacks in history, primarily targeting Windows systems, programming logic controllers (PLCs), and supervisory controls and data acquisition (SCADA) systems. The military-grade cyberweapon was co-developed by the United States and Isr
Association Type: Unspecified
Votes: 2
Source Document References
Information about the Shamoon Malware was read from the documents corpus below. This display is limited to 20 results.
Source Link    Created At
Securelist     22 days ago
DARKReading    7 months ago
DARKReading    10 months ago
DARKReading    a year ago
DARKReading    a year ago
DARKReading    a year ago
CERT-EU        a year ago
CERT-EU        a year ago
CERT-EU        a year ago
CERT-EU        a year ago
MITRE          2 years ago
MITRE          2 years ago
MITRE          2 years ago
MITRE          2 years ago
MITRE          2 years ago
MITRE          2 years ago
MITRE          2 years ago
MITRE          2 years ago
Securelist     2 years ago
DARKReading    2 years ago