StoneDrill has several “style” similarities to Shamoon, along with multiple interesting factors and techniques that allow it to better evade detection. In addition to suspected Saudi targets, one victim of StoneDrill was observed on the Kaspersky Security Network (KSN) in Europe. This makes us believe the threat actor behind StoneDrill is expanding its wiping operations from the Middle East to Europe.
Targets
Government entities, Telecoms
Artefacts/Attribution
StoneDrill embeds mostly Persian resource language sections.
Description
A highly destructive wiper malware targeting organizations in Saudi Arabia, including those representing the government, industry, transport, and telecoms. It was also used in wiping attacks in Europe.
Mitigation is where enterprises need to start, as prevention is significantly more effective and more cost-efficient than remediation after an attack.