Targeted attacks are typically all about spying, stealing information, or politically motivated protest, but not this latest one: A new attack is all about total annihilation of the data rather than theft.
The so-called "Shamoon" targeted attack so far has been aimed at a single energy-sector organization in the Middle East, according to Symantec, which shared its findings today. Symantec would not name the victimized firm, and so far has seen the attack only in this one organization.
What stands out most about the attack is that its aim is destroying files, data, and crippling the infected machines.
"We haven't seen malicious attacks like this in years," says Liam O Murchu, manager of North American operations for Symantec Security Technology & Response, with the exception of the recent attack on Iranian government-owned oil industry systems, he adds.
"There was no exfiltration, no espionage, no ransom, no money [theft], and they were not trying to steal information: It was purely malicious," Murchu says of Shamoon.
Unlike a typical hacktivist attack or one where an attacker wants to gain notoriety, no one has claimed responsibility for Shamoon. There was a reference to "wiper" in some of the module strings of the malware, but Kaspersky Lab shot down any connection between Shamoon and the original "Wiper" malware that was tied to the Iranian oil incident and Flame.
Source: Kelly Jackson Higgins, Dark Reading