Saudi Arabia hit by wave of cyber attacks, Iran blamed

Civil aviation authority hit by data-destroying malware

In the past few days Saudi Arabia has been hit by a wave of destructive cyber attacks which have resulted in data being erased at the government's aviation agency. Five additional targets were hit too, unnamed sources told Bloomberg.

In total thousands of computers were wiped in Saudi's General Authority of Civil Aviation, erasing critical data and bringing operations there to a halt for several days, the sources say.

Already the finger of blame has been pointed at Iran, according to the sources. The two countries recently severed diplomatic ties and are on opposing sides in the region's many conflicts including Syria, Yemen and Iraq.

In particular, the malware deployed is similar but to that used in earlier attacks which were blamed on that Iran, but experts say that other countries may have been involved, routing the attack to make it appear to be of Iranian origin, perhaps aiming to derail the recent nuclear deal with the USA.

The attacks were apparently carried out using an enhanced version of the Disttrack malware used against the oil company Saudi Aramco in 2012 in the so-called Shamoon attacks.

According to security vendor Palo Alto Networks: "Disttrack is a multipurpose tool that exhibits worm-like behavior by attempting to spread to other systems on a local network using stolen administrator credentials. More importantly, its claim to fame is the ability to destroy data and to render infected systems unusable. The [Saudi Aramco] attack four years ago resulted in 30,000 or more systems being damaged."

In 2014 attackers destroyed most of the computer network of Sands Corp after it's owner suggesting the US use nuclear weapons against the Iran, an act that the US blamed on Iranian hackers. Meanwhile, Iran was a victim of the US and Israeli forces which used the Stuxnet worm to attack its uranium enrichment programme in 2010.