Malware "Stonedrill"

basic information

description

A wiper malware sharing similarities with Shamoon 2.0, but even stronger with past attacks of Newsbeef aka Newscaster aka CharmingKitten targeted Saudi Arabian Corporations and was even found in an Kaspersky Network in Europe.

sources attribution

Not available

sources politicalization

Not available

start

01.11.2016

end

01.12.2016

source incident detection disclosure

Incident disclosed by IT-security company

receiver

label:

Not available

category:

Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)

Other

country:

Europe (region)

label:

Not available

category:

Corporate Targets (corporate targets only coded if the respective company is not part of the critical infrastructure definition)

Other

country:

Saudi Arabia

inclusion criteria

Attack conducted by non-state group / non-state actor with political goals (religious, ethnic, etc. groups) / undefined actor with political goals

Attack conducted by a state-affiliated group (includes state-sanctioned, state-supported, state-controlled but officially non-state actors) (“cyber-proxies”) / a group that is generally attributed as state-affiliated

Attack on (inter alia) political target(s), not politicized

articles

https://www.clearskysec.com/wp-content/uploads/2017/12/Charming_Kitten_2017.pdf

added to database

15.08.2022

attributions

articles

Not available

attribution date

2018

attribution basis

IT-security community attributes attacker

attributing country

Not available

attributing actors

Not available

attribution type

Technical report (e.g., by IT-companies, Citizen Lab, EFF)

initiators

label:

APT33/Elfin/MAGNALLIUM/Holmium/Magic Hound/G0064

category:

Non-state actor, state-affiliation suggested

Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)

countries:

Iran, Islamic Republic of

label:

Charming Kitten/NEWSCASTER/APT35/Phosphorus/NewsBeef/Group 83/TA453/G0059

category:

Non-state actor, state-affiliation suggested

Non-state-group, state-affiliation suggested (widely held view for the attributed initiator (group), but not invoked in this case)

countries:

Iran, Islamic Republic of

legal attribution references

Not available

technical categories

Incident/Operation Type

Disruption

Hijacking with Misuse

data theft

none

disruption

Long-term disruption (> 24h; incident scores 2 points in intensity)

hijacking

Hijacking, system misuse, e.g., through data theft and / or disruption (incident scores 2 points in intensity)

Physical Effects (temporal)

none

Physical Effects (spatial)

none

unweighted cyber intensity

Target / Effect Multiplier

Moderate - high political importance

weighted cyber intensity

Low / moderate intensity - 4

MITRE: Initial Access

Not available

MITRE: Impact

Not available

Common Vulnerability Scoring System: User Interaction

Not available

Zero Day

political categories

cyber conflict issue

International power

offline conflict issue

Unknown

offline conflict intensity

Unknown

casualties

No casualties as a direct result of the cyber incident

political response

Not available

legal categories

state responsibility indicator

Not available

il breach indicator

Not available

response indicator

Not available

Evidence for Sanctions Indicator

Not available

legal response

Not available

impact indicator

Not available