Kill timer found in Shamoon malware suggests possible connection to Saudi Aramco attack
A timer found in the Shamoon cyber-sabotage malware discovered last week matches the exact time and date when a hacktivist group claims to have disabled thousands of computers from the network of Saudi Aramco, the national oil company of Saudi Arabia.
"We penetrated a system of Aramco company by using the hacked systems in several countries and then sent a malicious virus to destroy thirty thousand computers networked in this company," a group called the "Cutting Sword of Justice" said in a Pastebin post on Aug. 15. "The destruction operations began on Wednesday, Aug 15, 2012 at 11:08 AM (Local time in Saudi Arabia) and will be completed within a few hours."
That same day, Saudi Aramco confirmed that some sectors of its computer network were affected by a computer virus that infected workstations used by its employees. However, the incident did not affect the oil production operations in any way, Aramco said at the time.