How Shamoon Gets In

Discussion in 'Network Security' started by Forensicator, Mar 7, 2017.


    1. Attackers send a spear phishing email to employees at the target organization. The email contains a Microsoft Office document as an attachment.
    2. Opening the attachment from the email invokes PowerShell and enables command line access to the compromised machine.
    3. Attackers can now communicate with the compromised machine and remotely execute commands on it.
    4. The attackers use their access to deploy additional tools and malware to other endpoints or escalate privileges in the network.
    5. Attackers study the network by connecting to additional systems and locating critical servers.
    6. The attackers deploy the Shamoon malware.
    7. A coordinated Shamoon outbreak begins and computer hard drives across the organization are permanently wiped.
    The above details how Shamoon eventually gets into your network, but another issue persists. With businesses in countries being targeted by outside State factors, the relationship between International Relations and Cyber Conflict keeps getting narrower. It is an assumption that Stuxnet was directed at Iran to somewhat maintain a Balance of Power in the Middle East. If that is so, then what role did Shamoon play - also considering the role StoneDrill will play?

    In determining whether Shamoon was either a Hack or Attack, a working paper captures this.
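
Step 2 of the chain above (an Office attachment invoking PowerShell) is observable in process-creation logs. The following is an added example, not part of the original post: it flags PowerShell launches that have an Office application as a direct or indirect ancestor. The records are constructed, the field names follow Sysmon Event ID 1, and the function names and `MAX_DEPTH` are assumptions.

```python
import ntpath

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
MAX_DEPTH = 4  # assumption: number of ancestors to walk before giving up

def _name(path):
    # Windows paths: take the file name, case-insensitively
    return ntpath.basename(path).lower()

def office_spawned_powershell(events):
    """Return one hit per PowerShell launch that has an Office ancestor."""
    by_guid = {(e["Computer"], e["ProcessGuid"]): e for e in events}
    hits = []
    for e in events:
        if _name(e["Image"]) not in POWERSHELL:
            continue
        chain, cur = [_name(e["Image"])], e
        for _ in range(MAX_DEPTH):
            parent = _name(cur["ParentImage"])
            chain.append(parent)
            if parent in OFFICE:
                hits.append({"host": e["Computer"], "chain": chain[::-1],
                             "command_line": e["CommandLine"]})
                break
            # Step up one level; stop if the parent's own record is not in the log
            cur = by_guid.get((e["Computer"], cur["ParentProcessGuid"]))
            if cur is None:
                break
    return hits

def _ev(host, guid, pguid, image, parent_image):
    return {"Computer": host, "ProcessGuid": guid, "ParentProcessGuid": pguid,
            "Image": image, "ParentImage": parent_image,
            "CommandLine": ntpath.basename(image) + " <constructed>"}

OFF = "C:\\Program Files\\Microsoft Office\\root\\Office16\\"
SYS = "C:\\Windows\\System32\\"
PS = SYS + "WindowsPowerShell\\v1.0\\powershell.exe"
# Constructed sample records (not from a real incident)
SAMPLE_EVENTS = [
    _ev("WS01", "A1", "A0", OFF + "WINWORD.EXE", "C:\\Windows\\explorer.exe"),
    _ev("WS01", "A2", "A1", PS, OFF + "WINWORD.EXE"),    # direct child of Word
    _ev("WS02", "B2", "B1", SYS + "cmd.exe", OFF + "EXCEL.EXE"),
    _ev("WS02", "B3", "B2", PS, SYS + "cmd.exe"),        # Excel -> cmd -> PowerShell
    _ev("WS03", "C2", "C1", PS, "C:\\Windows\\explorer.exe"),  # interactive use
]

if __name__ == "__main__":
    for hit in office_spawned_powershell(SAMPLE_EVENTS):
        print(hit["host"], " -> ".join(hit["chain"]))
```

Walking the ancestry rather than checking only the direct parent catches the case where an intermediate `cmd.exe` sits between the Office process and PowerShell.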
