Sign up for our daily briefing

Make your busy days simpler with the Axios AM and PM newsletters. Catch up on what's new and why it matters in just 5 minutes.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on the day's biggest business stories

Subscribe to the Axios Closer newsletter for insights into the day’s business news and trends and why they matter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Sign up for Axios Pro Rata

Dive into the world of dealmakers across VC, PE and M&A with Axios Pro Rata. Delivered daily to your inbox by Dan Primack and Kia Kokalitcheva.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Sports news worthy of your time

Binge on the stats and stories that drive the sports world with the Axios Sports newsletter. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Tech news worthy of your time

Get our smart take on technology from the Valley and D.C. with Axios Login. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Get the inside stories

Get an insider's guide to the new White House with Axios Sneak Peek. Sign up for free.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Catch up on coronavirus stories and special reports, curated by Mike Allen everyday

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Denver news?

Get a daily digest of the most important stories affecting your hometown with Axios Denver

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Des Moines news?

Get a daily digest of the most important stories affecting your hometown with the Axios Des Moines newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Twin Cities news?

Get a daily digest of the most important stories affecting your hometown with Axios Twin Cities

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Tampa Bay news?

Get a daily digest of the most important stories affecting your hometown with the Axios Tampa Bay newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Charlotte news?

Get a daily digest of the most important stories affecting your hometown with Axios Charlotte

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Nashville news?

Get a daily digest of the most important stories affecting your hometown with the Axios Nashville newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Columbus news?

Get a daily digest of the most important stories affecting your hometown with the Axios Columbus newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Dallas news?

Get a daily digest of the most important stories affecting your hometown with the Axios Dallas newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Austin news?

Get a daily digest of the most important stories affecting your hometown with the Axios Austin newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Atlanta news?

Get a daily digest of the most important stories affecting your hometown with the Axios Atlanta newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Philadelphia news?

Get a daily digest of the most important stories affecting your hometown with the Axios Philadelphia newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top Chicago news?

Get a daily digest of the most important stories affecting your hometown with the Axios Chicago newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Sign up for Axios NW Arkansas

Stay up-to-date on the most important and interesting stories affecting NW Arkansas, authored by local reporters

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Want a daily digest of the top DC news?

Get a daily digest of the most important stories affecting your hometown with the Axios DC newsletter.

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Please enter a valid email.

Please enter a valid email.

Subscription failed
Thank you for subscribing!

Investers stand in front of the Saudi Aramco logo in 2016. Photo: Fayez Nureldine / AFP via Getty Images.

Shamoon, the rarely seen but destructive malware that was used to wipe Saudi Aramco's servers in 2012, may be back in play, according to Chronicle, Alphabet's cybersecurity arm.

Why it matters: There are only three known times Shamoon variants have been used in the wild (and one of those instances is in dispute), with the Saudi incident the most famous. If the rare malware is back, it's an ominous sign.

Chronicle discovered a file containing Shamoon uploaded to its VirusTotal database. VirusTotal runs free scans on files using major antivirus scanners. The antivirus companies, in return, get access to valuable samples of malware that get uploaded.

  • The new Shamoon was set to detonate on Dec. 7, 2017, at 11:51 pm, but only uploaded yesterday.
  • Chronicle notes that attackers may have set the attack date to the past — perhaps by changing 2018 to 2017 — in order to start an attack immediately.
  • Another possibility, said Brandon Levene, head of applied intelligence at Chronicle, is that the malware was compiled in the past as part of preparations for a later attack.

The intrigue: "This variant is very strange," noted Levene.

  • All other Shamoon samples traveled through a network using pre-programmed credentials.
  • This sample has no pre-programmed credentials — it's limited to the computer it's first installed on.
  • Levene also said the command and control infrastructure — the internet address list allowing the malware to communicate with the hackers — was also blank.
  • "It's odd that those components aren't there," said Levene. "The attackers may have a different connection to the host network and thought manually installing Shamoon would make more sense."

Other differences include the way the malware goes about deleting files.

  • Shamoon in the past has replaced all files with images that had political significance. The new attacks irreversibly encrypt the files.

The file containing Shamoon was uploaded to VirusTotal from Italy.

  • Chronicle noted in a statement: "While Chronicle cannot directly link the new Shamoon variant to an active attack, the timing of the malware files comes close to news of an attack on an Italian energy corporation with assets in the Middle East."

Shamoon famously wipes the hard drives of networked computers after sending the attacker a list of the filenames that will be deleted. But in this latest variant of Shamoon, the lack of access to command and control servers means that function no longer works.

Go deeper

S&P 500 slides into correction territory

Data: FactSet; Chart: Axios Visuals

Stocks suffered their worst drop of the year, pushing the S&P 500 on track to fall into a "correction."

Driving the news: The benchmark S&P 500 dropped for its fifth straight day, with losses nearing 3% in early trading.

Updated 55 mins ago - Politics & Policy

Omicron dashboard

Illustration: Aïda Amer/Axios

  1. Health: Fauci: "Confident" Omicron cases will peak in February — FDA OKs antiviral drug remdesivir for non-hospitalized patients — Walensky: CDC language "pivoting" on "fully vaccinated."
  2. Vaccines: The shifting definition of fully vaccinated — Annual vaccine preferable to boosters, says Pfizer CEO — Team USA 100% vaccinated ahead of Beijing Olympics.
  3. Politics: Virginia school boards sue Gov. Youngkin for lifting mask mandate — Gonzaga University revokes NBA great John Stockton's tickets over mask stance — Arizona governor sues Biden administration over funds tied to mandates.
  4. World: Beijing Olympic Committee lowers testing threshold ahead of Games — Beijing officials urge "emergency mode" before Winter Olympics — Austria approves vaccine mandate for adults.
  5. Variant tracker

Supreme Court agrees to hear challenge to affirmative action at Harvard, UNC

Photo: Al Drago/Getty Images

The Supreme Court on Monday agreed to hear a pair of cases challenging the consideration of race in the college admissions processes.

Why it matters: The conservative high court's ruling could determine the future of affirmative action in higher education.