Saudi Arabia Under Attack

Saudi Arabian security officials said recently that the country had been targeted as part of a wide-ranging cyber espionage campaign observed since February against five Middle East nations as well as several countries outside the region.

The Saudi Government’s National Cyber Security Center (NCSC) said in a statement the kingdom had been hit by a hacking campaign bearing the technical hallmarks of an attack group dubbed “MuddyWater” by US cyber firm Palo Alto Networks.

Palo Alto’s Unit 42 threat research unit published a report showing how a string of connected attacks this year used decoy documents with official-looking government logos to lure unsuspecting users from targeted organisations to download infected documents and compromise their computer networks.

Documents pretending to be from the US National Security Agency, Iraqi intelligence, Russian security firm Kaspersky and the Kurdistan regional government were among those used to trick victims, Unit 42 said in a blog post. The Unit 42 researchers said the attacks had targeted organizations in Saudi Arabia, Iraq, the United Arab Emirates, Turkey and Israel, as well as entities outside the Middle East region in Georgia, India, Pakistan and the United States.

The Saudi security agency said in its own statement that the attacks sought to steal data from computers using email phishing techniques targeting the credentials of specific users. The NCSC said they also comprised so-called “watering hole” attacks, which seek to trick users into clicking on infected web links in order to seize control of their machines.

The technical indicators supplied by Unit 42 are the same as those the NCSC described as being involved in attacks against Saudi Arabia. The NCSC said the attacks appeared to be by an “advanced persistent threat” (APT) group, cyber jargon typically used to describe state-backed espionage.

Saudi Arabia has been the target of frequent cyberattacks, including the “Shamoon” virus, which crippled computers by wiping their disks and has hit both government ministries and petrochemical firms. Saudi Aramco, the world’s largest oil company, was hit by an early version of the “Shamoon” virus in 2012, in the country’s worst cyberattack to date.

The NCSC declined further comment on the source of the attack or on which organisations or agencies were targeted. Palo Alto Networks said it was unable to identify the attack group or its aims. It was not immediately available to comment further.

“We are currently unable to make a firm conclusion about the origin of the attackers, or the specific types of information they seek out once on a network,” Unit 42 said in its blog post (https://goo.gl/SvwrXv).

Palo Alto Networks said the files it had uncovered were almost identical to information-stealing documents disguised as Microsoft Word files and found to be targeting the Saudi government by security firm MalwareBytes in a September report.

Arab News
