Threats Feed | Cutting Sword of Justice | Last Updated: 25/07/2024 | Author: Certfa Radar | Publish Date: 01/12/2016

Shamoon 2.0 Resurfaces in the Gulf States with Enhanced Cyberattack Tactics

  • Actor Motivations: Sabotage
  • Attack Vectors: Malware, Wiper
  • Attack Complexity: Very High
  • Threat Risk: High Impact/High Probability

Threat Overview

In mid-November 2016, Mandiant responded to attacks on organizations in the Gulf states by an updated version of the 2012 Shamoon wiper, now referred to as Shamoon 2.0, marking the return of the suspected Iranian group "Cutting Sword of Justice" that claimed the original attack. The new samples carry hard-coded domain credentials, which implies that the operators ran earlier targeted intrusions to harvest those credentials before deploying the wiper. Once running, Shamoon 2.0 scans the local subnet, uses the embedded domain credentials to authenticate to other hosts, modifies Windows registry keys, and creates scheduled tasks to launch its components. Its payload overwrites system files and the disk's boot records, leaving affected machines unbootable. The image written over the data has changed from the burning U.S. flag used in 2012 to a photograph of Alan Kurdi, the Syrian child refugee, a deliberately provocative piece of cyber vandalism.

Detected Targets

Type     Description              Confidence
Region   Middle East Countries    Verified

Extracted IOCs

  • 10de241bb7028788a8f278e27a4e335f
  • 76c643ab29d497317085e5db8c799960
  • ac4d91e919a3ef210a59acab0dbb9ab5
  • b5d2a4d8ba015f3e89ade820c5840639
  • c843046e54b755ec63ccb09d0a689674

Tip: 5 IOCs related to this threat have been found (0 IP, 0 domain, 0 URL, 0 email, 5 file hashes).
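The five hashes above are only useful if they are actually swept against hosts. The script below is an added example written for this page, not tooling from Certfa Radar or from the Mandiant response; it walks a directory tree, hashes every regular file and reports any file whose digest is in the IOC set. The hashes are treated as MD5 because they are 32 hex characters long (an assumption: the page labels them only as "file hash"); the function names `normalize_iocs`, `md5_file`, `find_matches` and `scan_directory` and the constant `SHAMOON2_FILE_HASHES` are this example's own. Because Shamoon 2.0 spreads to other hosts on the subnet using harvested domain credentials, a hit on one machine should trigger a sweep of every host those credentials can reach, not just the one where the sample was found.

```python
import hashlib
import os
from typing import Dict, Iterable, List, Set, Tuple

# The five file hashes published on this page. Their 32-hex-character length
# means they are MD5 digests (assumption: the page only calls them "file hash").
SHAMOON2_FILE_HASHES = {
    "10de241bb7028788a8f278e27a4e335f",
    "76c643ab29d497317085e5db8c799960",
    "ac4d91e919a3ef210a59acab0dbb9ab5",
    "b5d2a4d8ba015f3e89ade820c5840639",
    "c843046e54b755ec63ccb09d0a689674",
}

HEX_DIGITS = set("0123456789abcdef")


def normalize_iocs(iocs: Iterable[str]) -> Set[str]:
    """Lower-case and strip each hash so that upper-case or padded entries in a
    feed export never cause a missed match; drop anything that is not 32 hex chars."""
    out = set()
    for h in iocs:
        h = h.strip().lower()
        if len(h) == 32 and set(h) <= HEX_DIGITS:
            out.add(h)
    return out


def md5_bytes(data: bytes) -> str:
    """MD5 of an in-memory buffer (used for small artefacts and for testing)."""
    return hashlib.md5(data).hexdigest()


def md5_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hash a file in chunks so large artefacts (dumps, images) are not loaded whole."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def find_matches(hashes_by_path: Dict[str, str], iocs: Iterable[str]) -> List[Tuple[str, str]]:
    """Return sorted (path, hash) pairs whose hash appears in the IOC set."""
    wanted = normalize_iocs(iocs)
    return sorted((p, h.lower()) for p, h in hashes_by_path.items() if h.lower() in wanted)


def scan_directory(root: str, iocs: Iterable[str] = SHAMOON2_FILE_HASHES) -> List[Tuple[str, str]]:
    """Walk `root`, hash every regular file and return IOC hits. Symlinks are skipped
    so the walk cannot loop, and unreadable files (locked, permission denied) are
    skipped rather than aborting the whole sweep."""
    hashes: Dict[str, str] = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                hashes[path] = md5_file(path)
            except OSError:
                continue
    return find_matches(hashes, iocs)


if __name__ == "__main__":
    import sys

    target = sys.argv[1] if len(sys.argv) > 1 else "."
    hits = scan_directory(target)
    for hit_path, digest in hits:
        print(f"IOC HIT {digest} {hit_path}")
    print(f"{len(hits)} match(es) under {target}")
```

Run it as `python scan.py C:\` (or against a mounted forensic image) and feed the hit list to the incident record. A hash sweep only catches the exact samples listed here; recompiled or repacked variants will have different digests, so treat a clean result as "these five files are absent", not as "Shamoon 2.0 is absent".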