Help

BI’s Article search uses Boolean search capabilities. If you are not familiar with these principles, here are some quick tips.

To search specifically for more than one word, put the search term in quotation marks. For example, “workers compensation”. This will limit your search to that combination of words.

To search for a combination of terms, use quotations and the & symbol. For example, “hurricane” & “loss”.

Login Register Subscribe

Saipem says Shamoon variant crippled hundreds of computers

Reprints
Saipem says Shamoon variant crippled hundreds of computers

(Reuters) — A hack on Italian oil services firm Saipem SpA that crippled more than 300 of the company's computers used a variant of the notorious Shamoon virus, Saipem said, a development that links the case to a massive attack in 2012 on Saudi Aramco.

"The cyberattack hit servers based in the Middle East, India, Aberdeen and in a limited way Italy through a variant of Shamoon malware," the company said in a statement on Wednesday.

Work is under way "in a gradual and controlled manner" to fully restore operations after the attack, it said.

The Shamoon virus was used in some of the most damaging cyberattacks in history, starting in 2012 when it crippled tens of thousands of computers at Saudi Aramco and RasGas Co Ltd. in the Middle East — attacks that cybersecurity researchers said were conducted on behalf of Iran.

Saudi Aramco is Saipem's biggest customer.

The attack crippled 300 to 400 servers and up to 100 personal computers out of a total of about 4,000 Saipem machines, the company's head of digital and innovation, Mauro Piasere, told Reuters.

No data will be lost because the company had backed up the affected computers, he said. The company said it first identified the attack on Monday.

Mr. Piasere said the company does not know who was responsible for the attack.

However, Adam Meyers, vice president with U.S. cybersecurity firm CrowdStrike Inc., said he believed Iran was responsible because early technical analysis of the new Shamoon variant showed similarities to the 2012 campaign.

Shamoon disables computers by overwriting a file known as the master boot record, making it impossible for devices to start up. Former U.S. Defense Secretary Leon Panetta has said the 2012 hack of Saudi Aramco was probably the most destructive cyberattack on a private business.

Shamoon went dormant until it resurfaced in late 2016 in a series of Middle East attacks that continued through early 2017.

"It went dark for a long time and it seems to be back," said Eric Chien, senior researcher at cybersecurity firm Symantec Corp. "The question is whether any others were affected by it."

Security researchers widely believe that people working on behalf of the Iranian government were behind previous Shamoon attacks, which Tehran strongly denies. Anti-U.S. imagery was found in the code, researchers have said.

Officials in Iran could not be reached for comment.

Saipem, one of the world's largest subsea engineering and construction firms, is controlled by Italian state lender CDP and oil firm Eni SpA.

 

 

 

 

 

Read Next

  • Shamoon virus returns in new Saudi attacks after 4-year hiatus

    (Reuters) — A version of Shamoon, the destructive computer virus that four years ago crippled tens of thousands of computers at Middle Eastern energy companies, was used two weeks ago to attack computers in Saudi Arabia, according to U.S. security firms.