RIYADH, Dec 2 — Saudi authorities have detected fresh attempts by hackers to disrupt government computers, a report said today, after security firm Symantec warned of a revival of malware used in previous cyberattacks.
The National Cyber Security Centre “detected destructive electronic strikes against several government agencies and vital establishments”, Arab News reported.
The NCSC had warned on November 19 of “organised threats aimed at disabling the services provided by some agencies,” the paper said.
Hackers based outside the kingdom were trying to implant malware or a virus to disrupt users’ data, it added.
Symantec said on Tuesday that the aggressive disc-wiping malware Shamoon “has made a surprise comeback and was used in a fresh wave of attacks against targets in Saudi Arabia.”
Shamoon was employed in attacks against the Saudi energy sector in 2012 and “is largely unchanged from the variant used four years ago,” the US-based firm said.
“The attackers appear to have done a significant amount of preparatory work for the operation.
“The malware was configured with passwords that appear to have been stolen from the targeted organisations and were likely used to allow the threat to spread across a targeted organisation’s network.”
Symantec did not say which Saudi agencies were affected or who was responsible for the November 17 strike.
“However, with its highly destructive payload, it is clear that the attackers want their targets to sit up and take notice.”
In August, state media reported cyberattacks against several government institutions and vital installations they did not identify.
At the time of the 2012 Shamoon strike on state oil company Saudi Aramco and Qatari natural gas firm RasGas, US intelligence officials said they suspected a link to the kingdom’s regional rival Iran. — AFP