X-Force

The Full Shamoon: How the Devastating Malware Was Inserted Into Networks

The Full Shamoon: How the Devastating Malware Was Inserted Into Networks

Since Shamoon incidents feature the infiltration and escalation stages of targeted attacks, X-Force IRIS responders sought out the attackers’ entry point. Their findings pointed to what appears to be the initial point of compromise the attackers used: a document containing a malicious macro that, when approved to execute, enabled C2 communications to the attacker’s server and remote shell via PowerShell.