The Shamoon virus has surfaced again after compromising yet another oil company. The victim this time was Italian firm Saipem, who had nearly 500 devices crippled by the attack. The affected devices were located at sites in the Middle East, India, Scotland, and Italy. Between 300 and 400 servers were found to be infected and 100 personal computers, out of the company’s 4,000 machines. The variant of Shamoon that was discovered in this attack is very similar to the variant which was utilized against Saudi Aramco back in 2012. Luckily for Saipem, they had recently backed up all of the effected devices shortly before the infection took place, making recovery a much easier endeavor.
Written by: Nataliia Zdrok, Threat Intelligence Analyst at Binary Defense Russia’s invasion of Ukraine increased