StoneDrill

  • First known sample

    2016
  • Discovery

    2017
  • Current status

    Active
  • Type

    Data destroyer
  • Targeted platforms

    Windows
  • Top targeted countries

    Saudi Arabia
  • Propagation method

    Access to network connections
  • Purpose/Functions

    Cyberespionage, Data wiping
  • Special features
    StoneDrill has several “style” similarities to Shamoon, along with multiple interesting factors and techniques that allow it to better evade detection. In addition to suspected Saudi targets, one victim of StoneDrill was observed on the Kaspersky Security Network (KSN) in Europe. This makes us believe the threat actor behind StoneDrill is expanding its wiping operations from the Middle East to Europe.
  • Targets

    Government entities, Telecoms
  • Artefacts/Attribution
    StoneDrill embeds mostly Persian resource language sections.
  • Description

    A highly destructive wiper malware targeting organizations in Saudi Arabia, including those representing the government, industry, transport, and telecoms. It was also used in wiping attacks in Europe.
