Shamoon Malware Re-Emerges, Targets Italian Oil and Gas Company

A new variant of the Shamoon malware, made infamous by a cyber-attack on Saudi Aramco in 2012, recently infected the network of Saipem, an Italian oil and gas contractor. During the weekend of December 8th, the malware destroyed files on approximately ten percent of Saipem’s systems, the majority of which were located in the Middle East. The company’s systems for controlling industrial equipment were not affected. Remote Desktop Protocol (RDP) is suspected as the primary infection vector. Saipem is currently restoring its systems from backups. While details on this incident are scarce, more information will likely emerge in the coming days and weeks. The NJCCIC recommends organizations employ a defense-in-depth cybersecurity strategy, implement network segmentation, disable unnecessary ports and protocols, and maintain awareness of this and other emerging cyber threats. Some additional details on this incident can be found in the ZDNet article.
