
Credential Theft: Shamoon 2

Credential Theft: The Keystone of The Shamoon 2 Attacks

Since late November 2016, the Shamoon 2 attack campaign has brought three waves of destructive attacks to organizations within Saudi Arabia. Our investigation into these attacks has unearthed more details about the method by which the threat actors delivered the Disttrack payload. We have found evidence that the actors use a combination of legitimate tools and batch scripts to deploy the Disttrack payload to hostnames that the attackers knew to exist in the targeted network.
