Dec 13, 2018

Shamoon malware attack confirmed by hacked Italian energy firm

The Saipem FDS 2 moored off Cyprus. Photo: Athanasios Gioumpasis/Getty Images

Two days after researchers identified a new variant of Shamoon, an Italian oil drilling company admitted the infamous malware was used in an attack against the company earlier this week.

Why it matters: Shamoon is destructive malware that has only been seen in the wild three times since 2012 (and one of those is in dispute), including some of the most famous cyberattacks in history. Its return has raised eyebrows.

Saipem, the Italian energy firm, now says an attack it announced on Monday "hit servers based in the Middle East, India, Aberdeen and, in a limited way, Italy through a variant of Shamoon malware."

Shamoon is wiper malware, meaning that it renders files unusable in bulk. Chronicle, Alphabet's cybersecurity arm, has identified several anomalies in the new sample as compared to past attacks.

  • Most victims of Shamoon have been in the oil and gas industry.
Go deeper