Saudi Arabia Under Attack

Uploaded on 2017-11-24 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

Saudi Arabian security officials said recently that the country had been targeted as part of a wide-ranging cyber espionage campaign observed since February against five Middle East nations as well as several countries outside the region.

The Saudi Government’s National Cyber Security Center (NCSC) said in a statement the kingdom had been hit by a hacking campaign bearing the technical hallmarks of an attack group dubbed “MuddyWater” by US cyber firm Palo Alto Networks.

Palo Alto’s Unit 42 threat research unit published a report showing how a string of connected attacks this year used decoy documents with official-looking government logos to lure unsuspecting users from targeted organisations to download infected documents and compromise their computer networks.

Documents pretending to be from the US National Security Agency, Iraqi intelligence, Russian security firm Kaspersky and the Kurdistan regional government were among those used to trick victims, Unit 42 said in a blog post. The Unit 42 researchers said the attacks had targeted organizations in Saudi Arabia, Iraq, the United Arab Emirates, Turkey and Israel, as well as entities outside the Middle East region in Georgia, India, Pakistan and the United States.

The Saudi security agency said in its own statement that the attacks sought to steal data from computers using email phishing techniques targeting the credentials of specific users. The NCSC said they also comprised so-called “watering hole” attacks, which seek to trick users to click on infected web links to seize control of their machines.

The technical indicators supplied by Unit 42 are the same as those described by the NCSC as ones being involved in attacks against Saudi Arabia. The NCSC said the attacks appeared to be by an “advanced persistent threat” (APT) group, cyber jargon typically used to describe state-backed espionage.

Saudi Arabia has been the target of frequent cyberattacks, including the “Shamoon” virus, which crippled computers by wiping their disks and has hit both government ministries and petrochemical firms. Saudi Aramco, the world’s largest oil company, was hit by an early version of the “Shamoon” virus in 2012, in the country’s worst cyberattack to date.

The NCSC declined further comment on the source of the attack or on which organisations or agencies were targeted. Palo Alto Networks said it was unable to identify the attack group or its aims. It was not immediately available to comment further.
 “We are currently unable to make a firm conclusion about the origin of the attackers, or the specific types of information they seek out once on a network,” Unit 42 said in its blog post (https://goo.gl/SvwrXv).

Palo Alto Networks said the files it had uncovered were almost identical to information-stealing documents disguised as Microsoft Word files and found to be targeting the Saudi government by security firm MalwareBytes in a September report.

Arab News

You Might Also Read:

Iran Cyber Attacks on Saudi Arabia:

First Shots Of A New Cyber War:

Anonymous Want Revenge For Saudi Executions:

« Uber Wants 24,000 Driverless Volvos
Cyber Monday 2017 UK Deals »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

RSA Security

RSA Security

RSA provide cybersecurity products for Threat Detection and Response, Identity and Access Management, Governance, Risk and Compliance, and Fraud Prevention.

Thycotic

Thycotic

Thycotic prevents cyber attacks by securing passwords, protecting endpoints and controlling application access.

Intruder

Intruder

Intruder is a cloud-based vulnerability scanner that finds cyber security weaknesses in your digital infrastructure, to avoid costly data breaches.

Recovery Point Systems

Recovery Point Systems

Recovery Point is a leading national provider of IT secure and compliant infrastructure and business resilience services.

BicDroid

BicDroid

BicDroid is a world leader in data and cyber security with innovative solutions that protect your data anywhere, anytime, against everything.

Traced

Traced

At Traced, our aim is to redefine mobile cyber security to provide the best possible protection to everyone against breaches of privacy and security.

Searchlight Cyber

Searchlight Cyber

Searchlight Cyber is a leading darknet intelligence company. Working with law enforcement, industry, and end users to help protect society against the threats of the darknet.

Wing Security

Wing Security

Wing fosters a stronger security culture by engaging SaaS end-users and enabling easy communication with security teams.

Vaultree

Vaultree

We believe in an encrypted tomorrow. Vaultree technology enables a foundational change in how we communicate with each other: Safely!

AirDroid Business

AirDroid Business

AirDroid Business is an efficient mobile device management solution for Android devices, helping businesses to remotely control and access devices in large quantities using a centralized approach.

Prikus Tech

Prikus Tech

Prikus is a full-fledged Cyber Security Company helping organizations worldwide to manage cyber risks. We offer Risk & Compliance Services, Security Testing & Managed Security Services.

DigitalXForce

DigitalXForce

DigitalXForce is the Digital Trust Platform for the New Era – SaaS based solution that provides Automated, Continuous, Real Time Security & Privacy Risk Management.

PDI Technologies

PDI Technologies

PDI Technologies helps convenience retail and petroleum wholesale businesses around the globe increase efficiency and profitability by securely connecting their data and operations.

Benchmark Executive Search

Benchmark Executive Search

Benchmark specializes in finding elite talent for startup, emerging-growth and mid-cap companies offering game-changing technologies or innovative services to the federal and commercial markets.

Skylark

Skylark

Skylark is a leading global IT services provider, transforming client’s businesses through innovative and advanced technology solutions.

C5 Technology

C5 Technology

C5 Technology specialises in the provision of networking, security, and infrastructure services to enterprises and government agencies.