PARIS – Researchers at a U.S. antivirus firm say the destructive cyberattack that hit Saudi Arabia late last year is continuing, revealing new details about an unusually disruptive campaign that some have linked to Iran.
McAfee said in a blog post published Wednesday that it had detected three waves of electronic intrusions aimed at sabotaging organizations across Saudi Arabia starting on Nov. 17. A second wave hit on Nov. 28. The third wave is ongoing.
Unlike more traditional forms of cyberespionage, which are aimed at stealing information, these intrusions were aimed at causing widespread disruption by wiping data off hard drives.
McAfee drew several connections to a 2012 attack, dubbed "Shamoon," which has been linked to Iran, but the company stopped short of blaming anyone for the attacks, in line with industry practice.