Search This Blog

Showing posts with label Saudi Arabia. Show all posts

Attack against Saudi Aramco Damages the World's Biggest Oil Producer



With the Saudi government and U.S. intelligence authorities accusing Iran, and Iran accusing the Yemeni rebels, the most recent attack against Saudi Aramco has damaged the world's biggest oil producer and deferred oil production, roiling oil and gas markets.

As of late, Iran has indeed deployed dangerous computer viruses against Saudi Arabia and these attacks have now marked a somewhat "real-world" continuation of this long-stewing cyber war between the two nations, by and by overflowed into other global powers.

Nicholas Hayden, the global head of threat intelligence for cyber intelligence company Anomali, who has served as a cyber-security operator in the electrical sector says that, “There hasn’t been a discernible increase in cyber-attack activity in the region yet but while nothing is standing out right now in the region, there’s a good chance that there are nation-state actors involved, ”

Iran has been notably known for increasing cyber-attacks when it clashes with nations, and that can likewise mean collateral damage in other companies  as well not simply Saudi-owned working together in the area.

“We’re certainly paying more attention than we normally would to that area. When stuff like this happens, we tend to put our ear a little bit closer to the ground.” Says Hayden.

Since, collateral damage is a common symptom of regional cyber conflict, organizations working in Saudi Arabia and beyond ought to likewise be alert for any changes that might hit the region.

The majority of the experts surveyed by CNBC conceded to one end solution, that in spite of the 'economic odds' stacked against them, Iran has turned out to be one of the world's most noteworthy cyber security powers.

John Hultquist, director of intelligence analysis for cyber security company FireEye, included later that, they’ve never been the most technically sophisticated. But they have made up in their brazenness, their willingness to destroy and disrupt. They have really separated themselves on this from others, as if they have nothing to lose.”

Regardless of all this Saudi Aramco yet again declined to comment for the issue when approached.

Saudi Arabia behind Jeff Bezos' phone hack




The investigators of Amazon chief’s release of intimate images believes that Saudi Arabian authorities were behind it.

According to the security officer of Amazon boss Jeff Bezos 
the Saudi Arabian authorities hacked into his phone, and obtained private data from it. 

Gavin De Becker, a longtime security consultant, launched the investigation after the National Enquirer published intimate texts between Bezos and his mistress, a television anchor Lauren Sanchez.

Last month, Bezos accused the newspaper’s owner of trying to blackmail him with the threat of publishing 'intimate photos' he allegedly sent to Sanchez unless he said in public that the tabloid’s reporting on him was not politically motivated.

"Our investigators and several experts concluded with high confidence that the Saudis had access to Bezos' phone, and gained private information," de Becker wrote on The Daily Beast website.

Last month,  the incident came into light when Mr Bezos acccused the owner of the tabloid of threatening him to publishing the ”intimate photos" that he allegedly sent to Ms Sanchez unless he did not publicly state that the tabloid's coverage of him was not politically motivated.




Espionage Group Aka Apt33 Targeting Various Organization in Saudi Arabia and US by Deploying A Variety of Malware In Their Network




An unceasing surveillance group otherwise known as APT33 group (Elfin) known for explicitly targeting on corporate networks has now set its sights by focusing on various organizations in Saudi Arabia and US by sending an assortment of malware in their system.

The hacker group which has reportedly compromised around 50 organizations in various countries since 2015, so far its attackers have bargained a wide range of targets including, governments alongside associations in the research, chemical, engineering, manufacturing, consulting, finance, telecoms, and several other sectors.

The cybercriminals scan the defenseless sites of a particular target and later use it for either command and control server or malware attacks if the site will be undermined effectively.

In spite of the fact that the gathering fundamentally focused on Saudi Arabia, with the 42% of attacks since 2016 and it’s compromised 18 organizations in the U.S alone in the course of recent years.

 In any case, for this situation, Elfin focused on organization including engineering, chemical, research, energy consultancy, finance, IT, and healthcare sectors in the U.S alone.





Amid the attack, Elfin is said to have used an assortment of open source hacking instruments, custom malware, and commodity malware to compromise the diverse targets.

Elfin Adept utilizes various openly accessible hacking instruments, including:
  • LaZagne (SecurityRisk.LaZagne): A login/password retrieval tool
  • Mimikatz (Hacktool.Mimikatz): Tool designed to steal credentials
  • Gpppassword: Tool used to obtain and decrypt Group Policy Preferences (GPP) passwords
  • SniffPass (SniffPass): Tool designed to steal passwords by sniffing network traffic


Additionally, numerous commodity malware tools were utilized for these attacks and the malware accessible for purchase on the digital underground including:
  • DarkComet (Backdoor.Breut)
  • Quasar RAT (Trojan.Quasar)
  • NanoCore (Trojan.Nancrat)
  • Pupy RAT (Backdoor.Patpoopy)
  • NetWeird (Trojan.Netweird.B)

Other than these, the custom malware family incorporates Notestuk (Backdoor.Notestuk), a malware in order to access the backdoor and assembling the data, Stonedrill (Trojan.Stonedrill), a custom malware equipped for opening a secondary passage on an infected PC and downloading the additional records.

Google refuses to delete "Absher" that allows men to track women





Google has refused to remove a Saudi Arabia government app "Absher" that allows men to track and control women's movements.

After reviewing the app, the company said that the software does not violate any of its agreement, and terms and conditions.

The tech giant has conveyed their decisions to the office of Representative Jackie Speier, a California Democrat who, with other 13 colleagues in Congress, demanded the removal of the app from the Google Play store.

The app allows men guardians of the women to a state where their dependents can go, for how long and which airports they can visit.

If a woman leaves a certain area, then immediately an alert is triggered to their male guardians.

The app has been criticized for its oppressive nature. It was initially designed for  Saudi citizens to access e-government services, but it also allows men to track their female dependents and migrant workers, in order to track their movements and restrict their free passage through passport data.

The app is available on both Google Play Store and Apple App Store.

However, Apple says it is still reviewing Absher.