Iran Cyber Attacks on Saudi Arabia

After a four-year hiatus, Iran recently resumed destructive cyber-attacks against Saudi Arabia in what US officials say is part of a long-term strategy by Tehran to take over the oil-rich kingdom and regional US ally.

In late January 2017, the Saudi government warned in a notice to telecommunications companies that an Iranian-origin malicious software called Shamoon had resurfaced in cyber-attacks against some 15 Saudi organisations, including government networks.

The Shamoon malware was last detected in the 2012 cyber-attack against the major Saudi state oil producer Aramco. That cyber-attack damaged or destroyed some 30,000 computers and was considered one of the more destructive state-linked cyber-attacks to date.

A State Department security report issued Feb. 10 stated that the 2012 attack destroyed over three-fourths of Aramco's computers, and that the damage took five months to mitigate at "an extreme cost."

Shamoon also was used in Iranian cyber-attacks against RasGas, a liquefied natural gas company located in neighboring Qatar.

A new version of the malware, Shamoon 2, was linked to the recent cyber-attack, which took place in November 2016. Security officials linked that attack to a Middle East hacker group known as Greenbug that used fraudulent emails in phishing scams to acquire login credentials for Saudi networks.

A cyber security expert familiar with details of the latest Saudi cyber-attack, who spoke on condition of anonymity, said the November incident was "Iranian-directed" and linked to two hacker groups in Iran known as "Cadelle and Chafer" in cyber-security circles.

The new Shamoon 2 "is meant to do damage," the expert said, noting that the recent cyber-attack was not as effective as the earlier one in 2012.

Once inside compromised computer networks, the Iranian hackers were able to steal large amounts of data. They then destroyed the computers using a digital wiping tool that removes all data from the system. The hacked computers were left with a screen image.

In the 2012 Saudi Aramco attack, the Iranians left an image of a burning American flag. After the November cyber-attack, the hackers left a screen image of a dead Syrian refugee boy.

The Saudis received US government cyber-security and technology training after the 2012 attack. No Shamoon malware was detected until the new variant, Shamoon 2, appeared in November. The US government believes the same Iranian hackers carried out both attacks.

A National Security Agency document from 2013 warned that Iranian government cyber-attacks are part of an expansion of Iranian influence in the Middle East. "NSA has seen Iran further extending its influence across the Middle East over the last year," states the top secret memo, which was disclosed by renegade contractor Edward Snowden.

NSA believed Iran's 2012 cyber-attack was carried out in retaliation for the earlier US cyber-attacks against Iranian nuclear facilities. Those attacks caused nuclear centrifuges to self-destruct using an industrial control software known as Stuxnet.

"NSA expects Iran will continue this series of attacks, which it views as successful, while striving for increased effectiveness by adapting its tactics and techniques to circumvent victim [computer network] mitigation attempts," the NSA said.

The Iranian cyber-attacks are one element of a larger Iranian strategy to subvert and ultimately take over Saudi Arabia, the location of Islam's holy sites, according to US officials.

Predominantly Shiite Iran and predominantly Sunni Saudi Arabia are bitter rivals that vie for influence over the world's Muslims.

The State Department report, "Devastating Cyber Attack Program Returns to Saudi Arabia," warned that US companies operating in the kingdom could be the next targets of Iranian cyber-attacks.

"The increased tensions and unpredictable future between Iran, Saudi Arabia, and the US raises the potential for US organisations in the region to be future targets for a cyber-attack, either with Shamoon or similar malware tuned for destruction rather than corporate espionage or theft," the report said.

In addition to cyber-attacks, Iran seeks to subvert Saudi Arabia through a proxy war in Yemen.

Tehran is backing Houthi rebels against the pro-Saudi government of Yemen. The Houthis took over the capital of Sanaa in 2014. One year later, a Saudi-led coalition of nine regional states intervened in the conflict.

Concerned by large numbers of civilian casualties in the conflict, the Obama administration last year delayed delivery to Saudi Arabia of an arms sale package for large numbers of precision-guided bomb kits. The kits turn gravity bombs into precision-guided weapons that can be directed to targets.

US officials say the Trump administration is ready to lift the ban on the bomb kits to the regional ally because it is no longer concerned by the Obama administration's goal of warmer relations with Tehran.

Under Obama, then-Secretary of State John Kerry tried to negotiate a settlement of the Yemen conflict in a deal with the Houthis. Critics said the deal would have been advantageous to Iran and harmful to the Saudis.

Iran has dispatched a large number of Islamic Revolutionary Guards Corps fighters to Yemen, along with pro-Iranian militia members from Iraq, in a bid to help the Houthis.

Additionally, US officials say Iran is helping the Houthis plant sea mines off the coast of Yemen near the Red Sea chokepoint known as the Bab-el-Mandeb, a strategic shipping lane between the Indian Ocean, Red Sea, and Suez Canal.

Controlling the Bab-el-Mandeb is said to be a key element of the Iranian strategy of targeting Saudi Arabia. Once in control of the Bab-el-Mandeb, the Iranians could use their control of the region's other strategic chokepoint, the Strait of Hormuz, to exert political leverage throughout the region.

A commercial maritime security notice was sent recently to shipping companies warning that vessels transiting the region should check with the US Navy about the threat of sea mines.

A Saudi warship was recently attacked in waters near Yemen by what is now believed to have been a small, remotely piloted boat loaded with explosives.

The guided missile destroyer USS Cole was recently dispatched to the area following the rebel attack on the Saudi ship.

FreeBeacon:

 
