HackRead

Meet StoneDrill Malware Destroying Everything on Infected Computers

March 6th, 2017 | Waqas | Security, Malware

IT security researchers at Kaspersky Lab have discovered new malware targeting oil and gas companies in the Middle East and also aimed at targets in Europe.

Dubbed StoneDrill by researchers, the malware can evade antivirus detection and destroy everything on an infected device. Kaspersky Lab discovered that StoneDrill is being used in attacks against Saudi Arabia, similar to the Shamoon malware, which has reportedly been linked with Iranian government-backed hackers since 2012.

The difference between the two is that StoneDrill is more sophisticated than Shamoon; its build, however, is similar to Shamoon 2.0, a variant of the Shamoon malware that made a comeback in 2016 by targeting government servers in Saudi Arabia. StoneDrill and Shamoon also have different codebases, yet the mindset of the authors and their programming “style” appear to be similar.

It is unclear how StoneDrill is delivered to victims. Upon infecting a device, it injects itself into the memory process of the victim’s web browser and uses two sophisticated anti-emulation techniques aimed at fooling security solutions installed on the victim machine. The malware then starts destroying the computer’s disk files. StoneDrill also works as a backdoor, apparently for large-scale espionage campaigns, and spies on an unknown number of targets using four command and control (C&C) servers.


“We were very intrigued by the similarities and comparisons between these three malicious operations,” said Mohamad Amin Hasbini, Senior Security Researcher, Global Research and Analysis Team, Kaspersky Lab. “Was StoneDrill another wiper deployed by the Shamoon actor? Or are StoneDrill and Shamoon two different and unconnected groups that just happened to target Saudi organizations at the same time? Or, two groups which are separate but aligned in their objectives? The latter theory is the most likely one: when it comes to artifacts, we can say that while Shamoon embeds Arabic-Yemen resource language sections, StoneDrill embeds mostly Persian resource language sections. Geopolitical analysts would probably be quick to point out that both Iran and Yemen are players in the Iran-Saudi Arabia proxy conflict, and Saudi Arabia is the country where most victims of these operations were found. But of course, we do not exclude the possibility of these artifacts being false flags.”

Shamoon was delivered to victims through infected documents, and there is a chance that StoneDrill uses similar means to infect unsuspecting users. In this regard, it is highly advisable to ignore unknown emails and avoid downloading attachments or clicking links sent from unknown senders.


Source: Kaspersky Lab | Image Source: Wikimedia


Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.
