A cybersabotage program that wiped data from 30,000 computers at Saudi Arabia’s national oil company in 2012 has returned and is able to target server-hosted virtual desktops.
The malware, known as Shamoon or Disttrack, belongs to a family of destructive programs called disk wipers. Similar tools were used in 2014 against Sony Pictures Entertainment in the U.S. and in 2013 against several banks and broadcasting organizations in South Korea.
Shamoon was first observed during the 2012 cyberattack against Saudi Aramco. It spreads to other computers on a local network by using stolen credentials and activates its disk-wiping functionality on a preconfigured date.