Home NEWS IRAN NEWS Saudi Central Bank Systems Said to Be Struck by Iran Malware

Saudi Central Bank Systems Said to Be Struck by Iran Malware

Matin Karim
-
0
Saudi Central Bank Systems Said to Be Struck by Iran Malware

Bloomberg, 2 Dec. 2016- State-sponsored hackers who unleashed a digital bomb in key parts of Saudi Arabia’s computer networks over the last two weeks damaged systems at the country’s central bank, known as the Saudi Arabian Monetary Agency, according to two people briefed on an ongoing investigation of the breach.
The attacks, which afflicted at least six government entities, used a computer-killing malware known as Shamoon that is linked to Iran, they said. They had the potential to inflict damage on targets across several critical sectors, including finance and transportation.
The investigation is still in its early stages and the determination of responsibility could change, the two people said. The number of entities where damage occurred is likely to grow as the probe continues, a third said.
Iranian officials didn’t respond to repeated requests for comment on the attack. Calls placed to the Saudi Interior Ministry about the targeting of the country’s central bank weren’t returned.
Central Bank Hits
Along with the General Authority of Civil Aviation, which runs Saudi airports, the hackers also hit the Ministry of Transportation, which oversees the kingdom’s road network, one of the people said.
The central bank is a most sensitive target. It manages the kingdom’s foreign-exchange reserves, supervises commercial banks, and runs the country’s electronic-payments system.
It’s unclear what part of the central bank’s information systems were damaged in the attack. There haven’t been reports of outages in the electronic-payments system or other parts of the banking sector.
Burning Flag
The Shamoon malware used in the attacks is the same one that was used in a devastating attack on Saudi Aramco in 2012 that destroyed 35,000 computers within hours. U.S. officials have said Iran was behind that attack.
Although hackers usually add enhancements to malware to advance its capabilities and make it harder to detect, in this case they used the same file as in the Aramco incident, the people familiar with the investigation said. The malware, which overwrites the master boot record of a computer, rendering it inoperable, has destroyed thousands of computers across multiple government agencies, two people familiar with the probe said.
The malware used against Aramco in 2012 was programmed to leave an image of a burning American flag before making the computer inoperable.