A new variant of the destructive Shamoon malware was uploaded to VirusTotal this week, but security researchers haven’t linked it to a specific attack yet.
Also referred to as DistTrack, the sophisticated malware was initially observed in attacks against Saudi Arabian and other oil companies in 2012, when it destroyed data on over 30,000 systems.
An updated version of the threat emerged in 2016, when it hit various organizations in the Persian Gulf, including Saudi Arabia’s General Authority of Civil Aviation (GACA). One variant of Shamoon 2 was also observed targeting virtualization products.
Unlike other malware used in targeted attacks, which focuses on stealing information, Shamoon erases data on infected computers and attempts to destroy the hard disk and render systems unusable. The data-wiping functionality, however, is triggered upon a hard-coded date.
Source: Security Week