Cisco Blogs
Share

Cisco Coverage for Shamoon 2

- January 31, 2017 - 0 Comments

Shamoon is a type of destructive malware that has been previously associated with attacks against the Saudi Arabian energy sector we’ve been tracking since 2012. We’ve observed that a variant of Shamoon, identified as Shamoon 2, has recently been used against several compromised organizations and institutions. Talos is aware of the recent increase in Shamoon 2 activity and has responded to ensure our customers are protected. Additionally, Talos will continue to monitor for new developments to ensure our customers remain protected.

Propagation

Shamoon 2 has been observed targeting very specific organizations and propagating within a network via network enumeration and the use of stolen credentials. Some of the credentials are organization specific from individuals or shared accounts. Other credentials are the default accounts of products used by the targeted customers.

Read more >>

Tags:

In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.

Share