Reports state that Iran was behind the previous attacks and is also behind the current ones. The US Department of Defense issued a statement on Thursday warning contractors about the threat.
It read: “Between 2 and 7 December 2016, DSS was given information from another government agency regarding Indicators of Compromise (IOC) associated with a Shamoon malware variant and may be used in computer network exploitation attempts.”
Contractors received the alert to warn them about threats posed by FIEs (foreign intelligence entities) including information about the techniques and procedures used as well as tactics, infrastructure, and of course malware.
The statement also stated: “This information is being shared by DSS in order to enable potential targets of possible espionage activity to detect, disrupt or deny FIE’s exploitation of cleared contractor information systems, networks or personnel.”
In 2012, the “Cutting Sword of Justice,” a suspected Iranian hacking group, used Shamoon to wipe tens of thousands of computers belonging to Saudi Arabia state-owned oil company Aramco. At that time Armaco had to act quickly to take everything offline. This included emails and phones. The Register reported that the hackers had put a picture of a burning American flag into emails and documents.
Security company Symantec has said that the latest hackings have a picture of Alan Kurdi – the 3-year-old Syrian boy who drowned while trying to cross from Turkey to Greece.