Saudi Arabia Under Attack

Uploaded on 2017-11-24 in NEWS-Cybersecurity News, GOVERNMENT-National, FREE TO VIEW

Saudi Arabian security officials said recently that the country had been targeted as part of a wide-ranging cyber espionage campaign observed since February against five Middle East nations as well as several countries outside the region.

The Saudi Government’s National Cyber Security Center (NCSC) said in a statement the kingdom had been hit by a hacking campaign bearing the technical hallmarks of an attack group dubbed “MuddyWater” by US cyber firm Palo Alto Networks.

Palo Alto’s Unit 42 threat research unit published a report showing how a string of connected attacks this year used decoy documents with official-looking government logos to lure unsuspecting users from targeted organisations to download infected documents and compromise their computer networks.

Documents pretending to be from the US National Security Agency, Iraqi intelligence, Russian security firm Kaspersky and the Kurdistan regional government were among those used to trick victims, Unit 42 said in a blog post. The Unit 42 researchers said the attacks had targeted organizations in Saudi Arabia, Iraq, the United Arab Emirates, Turkey and Israel, as well as entities outside the Middle East region in Georgia, India, Pakistan and the United States.

The Saudi security agency said in its own statement that the attacks sought to steal data from computers using email phishing techniques targeting the credentials of specific users. The NCSC said they also comprised so-called “watering hole” attacks, which seek to trick users to click on infected web links to seize control of their machines.

The technical indicators supplied by Unit 42 are the same as those described by the NCSC as ones being involved in attacks against Saudi Arabia. The NCSC said the attacks appeared to be by an “advanced persistent threat” (APT) group, cyber jargon typically used to describe state-backed espionage.

Saudi Arabia has been the target of frequent cyberattacks, including the “Shamoon” virus, which crippled computers by wiping their disks and has hit both government ministries and petrochemical firms. Saudi Aramco, the world’s largest oil company, was hit by an early version of the “Shamoon” virus in 2012, in the country’s worst cyberattack to date.

The NCSC declined further comment on the source of the attack or on which organisations or agencies were targeted. Palo Alto Networks said it was unable to identify the attack group or its aims. It was not immediately available to comment further.
 “We are currently unable to make a firm conclusion about the origin of the attackers, or the specific types of information they seek out once on a network,” Unit 42 said in its blog post (https://goo.gl/SvwrXv).

Palo Alto Networks said the files it had uncovered were almost identical to information-stealing documents disguised as Microsoft Word files and found to be targeting the Saudi government by security firm MalwareBytes in a September report.

Arab News

You Might Also Read:

Iran Cyber Attacks on Saudi Arabia:

First Shots Of A New Cyber War:

Anonymous Want Revenge For Saudi Executions:

« Uber Wants 24,000 Driverless Volvos
Cyber Monday 2017 UK Deals »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Infosecurity Europe

Infosecurity Europe

Infosecurity Europe is Europe’s number one information security conference and exhibition.

Rackspace Technology

Rackspace Technology

Rackspace Technology is a leading provider of managed services across all major public and private cloud technologies. Secure your IT environments with powerful cloud security solutions and support.

Help Net Security

Help Net Security

Help Net Security has been a prime resource for information security news and insight since 1998.

IDpendant

IDpendant

IDpendant offers a wide range of services, including authentication technology, client security products, single sign on systems, encryption solutions, card and mobile device management systems.

Rewertz

Rewertz

Rewterz is a cyber security company based out of Dubai, serving customers in UAE, Oman, Qatar, Bahrain, Saudi Arabia, and Pakistan.

Internap Corporation (INAP)

Internap Corporation (INAP)

INAP is a global provider of high-performance data center and cloud solutions, partnering with customers worldwide to create secure and scalable IT infrastructure solutions.

Cyberens

Cyberens

Cyberens provide cybersecurity consulting services in IT sectors relating to defense and space, banking, industrial control systems and IoT.

Cybersecurity Professionals

Cybersecurity Professionals

Search vacancies from top cyber security jobs worldwide on CyberSecurity Professionals. View IT security jobs or upload your CV to be seen by recruiters from industry leading firms.

ReconaSense

ReconaSense

ReconaSense helps protect people, assets, buildings and cities with its next-gen access control and converged physical security intelligence platform.

Quantum Generation

Quantum Generation

Quantum Cyber Security for a new age of communications. We are developing the largest decentralized orbital, and ground quantum mesh network based on blockchain technology.

Cyberspace Solarium Commission (CSC)

Cyberspace Solarium Commission (CSC)

The Cyberspace Solarium Commission was established to develop a consensus on a strategic approach to defending the United States in cyberspace against cyber attacks of significant consequences.

Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC)

Maritime Transportation System Information Sharing and Analysis Center (MTS-ISAC)

MTS-ISAC promotes and facilitates maritime cybersecurity information sharing, awareness, training, and collaboration efforts between private and public sector stakeholders.

Have I Been Pwned (HIBP)

Have I Been Pwned (HIBP)

Have I Been Pwned is a free resource for anyone to quickly assess if they may have been put at risk due to an online account of theirs having been compromised or "pwned" in a data breach.

CyberArmor

CyberArmor

Cyber Armor defend everyday IT and OT systems, from government agencies to critical infrastructure, from system integrators to small industries.

Access Venture Partners

Access Venture Partners

Access Venture Partners are an early stage VC firm investing in bold founders and helping every step of the way. Areas we give special focus to include cybersecurity.

Rootly

Rootly

Rootly is an incident management platform on Slack that helps automate manual admin work during incidents.