Washington // State-sponsored hackers who unleashed a digital bomb in key parts of Saudi Arabia’s computer networks over the last two weeks damaged systems at the country’s central bank, known as the Saudi Arabian Monetary Agency.
The central bank said late on Friday that its systems had not been breached and that it has continuous surveillance to protect against cyber threats.
The attacks, which afflicted at least eight government entities, used a computer-killing malware known as Shamoon that is linked to Iran, according to two people briefed on an ongoing investigation of the breach.
The malware had the potential to inflict damage on targets across several critical sectors, including finance and transportation.
The investigation is still in its early stages and the determination of responsibility could change, the two people said. The number of entities where damage occurred is likely to grow as the probe continues, a third said.
The monetary agency joins the ranks of central banks that have suffered digital attacks in the past year. Russia’s central bank said Friday that hackers have stolen more than 2 billion rubles (Dh115m) from correspondent accounts there and from client accounts at Russian banks. In February, hackers stole US$8m (Dh297.5m) by manipulating the international payment system at the central bank in Bangladesh.
Along with the General Authority of Civil Aviation, which runs Saudi airports, the hackers also hit the Ministry of Transportation, which oversees the kingdom’s road network, one of the people said.
The central bank is a most sensitive target. It manages the kingdom’s foreign-exchange reserves, supervises commercial banks, and runs the country’s electronic-payments system.
It is unclear which part of the central bank’s information systems was damaged in the attack. There have not been reports of outages in the electronic-payments system or other parts of the banking sector.
The Shamoon malware used in the attacks is the same one that was used in a devastating attack on Saudi Aramco in 2012 that destroyed 35,000 computers within hours. US officials have said Iran was behind that attack.
Although hackers usually add enhancements to malware to advance its capabilities and make it harder to detect, in this case they used the same file as in the Aramco incident, the people familiar with the investigation said. The malware, which overwrites the master boot record of a computer, rendering it inoperable, has destroyed thousands of computers across multiple government agencies, two people familiar with the probe said.
The software that destroyed the Aramco computers four years ago was programmed to leave an image of a burning American flag before making the computer inoperable. In this attack, the software displayed an image of Alan Kurdi, the three-year-old Syrian boy who drowned fleeing the conflict in Syria, said Dmitri Alperovitch, chief technology officer at the security firm CrowdStrike, whose team has examined the malware.
* Bloomberg