News, Security

Saudi security centre foils ‘advanced’ cyber-attack on Middle East

Saudi security officials have announced that the country has been the subject of a wide-ranging cyber espionage campaign, observed since February, against five Middle East nations as well as several countries outside the region.

Saudi security centre foils 'advanced' cyber-attack on Middle East
The Saudi security agency said in its own statement that the attacks sought to steal data from computers using email phishing techniques targeting the credentials of specific users.

The Saudi government’s National Cyber Security Centre (NCSC) said in a statement that the kingdom had been hit by a hacking campaign bearing the technical hallmarks of an attack group dubbed “MuddyWater” by US cyber firm Palo Alto Networks.

In a blog posted by Palo Alto’s Unit 42 threat research unit last Friday, the team showed how a string of connected attacks this year used decoy documents with official-looking government logos to lure unsuspecting users from targeted organisations to download infected documents and compromise their computer networks.

Documents pretending to be from the US National Security Agency, Iraqi intelligence, Russian security firm Kaspersky and the Kurdistan regional government were among those used to trick victims, Unit 42 said in the blog post.

The Unit 42 researchers said the attacks had targeted organisations across the Middle East – in Saudi Arabia, Iraq, the United Arab Emirates, Turkey and Israel, as well as entities outside the region in Georgia, India, Pakistan and the United States.

The Saudi security agency said in its own statement that the attacks sought to steal data from computers using email phishing techniques targeting the credentials of specific users.

The NCSC said they also comprised so-called “watering hole” attacks, which seek to trick users to click on infected web links to seize control of their machines.

This latest announcement comes not long after the Kingdom revealed a royal decree to create a national authority for cybersecurity, to “boost the cybersecurity of the state, and protect its vital interests, national security and sensitive infrastructure.”

Saudi Arabia has been the target of frequent cyberattacks, including the “Shamoon” virus, which cripples computers by wiping their disks and has hit both government ministries and petrochemical firms.

Saudi Aramco, the world’s largest oil company, was hit by an early version of the “Shamoon” virus in 2012, in the country’s worst cyberattack to date.

The NCSC declined further comment on the source of the attack or on which organisations or agencies were targeted. Palo Alto Networks was also unable to identify the source of the attackers.

“We are currently unable to make a firm conclusion about the origin of the attackers, or the specific types of information they seek out once on a network,” Unit 42 said in its blog post.

Previous ArticleNext Article

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

GET TAHAWULTECH.COM IN YOUR INBOX

The free newsletter covering the top industry headlines