The Saipem FDS 2 moored off Cyprus. Photo: Athanasios Gioumpasis/Getty Images
Why it matters: Shamoon is destructive malware that has only been seen in the wild three times since 2012 (and one of those is in dispute), including some of the most famous cyberattacks in history. Its return has raised eyebrows.
Saipem, the Italian energy firm, now says an attack it announced on Monday "hit servers based in the Middle East, India, Aberdeen and, in a limited way, Italy through a variant of Shamoon malware."
Shamoon is wiper malware, meaning that it renders files unusable in bulk. Chronicle, Alphabet's cybersecurity arm, has identified several anomalies in the new sample as compared to past attacks.
- Most victims of Shamoon have been in the oil and gas industry.