The data-wiping Shamoon malware resurfaced this week at Italian oil and gas contractor Saipem, where it destroyed files on about 10 percent of company PCs, according to a published report. The attacks may be linked to Saipem’s work with Saudi Aramco, a target of earlier Shamoon attacks.
Attribution in information security attack is a difficult thing. Being able to put a particular person behind a keyboard is often the problem. However, in recent years, security companies have been doing a better job of identifying groups of individuals with similar attack methods and preferences. For example CrowdStrike has identified over seven thousand discrete groups of state-sponsored groups, criminals, and hacktivists solely by their methods of operation, their patterns of attack. A report this week from Symantec looks at one particular group they call Morpho, which they believe is not state-sponsored but nonetheless responsible for intellectual property theft for monetary gain. Symantec notes that one key difference between attacks coming from competitors and state-sponsored attackers is that competitors are likely in a better position to request the theft of specific information of economic value. They make faster use of this information than a state-sponsored group. Morpho hs a preference […]