Researchers from Arbor Networks Security Engineering and Response Team (ASERT) say they have unearthed fresh leads on the tools and techniques used in the most recent wave of Shamoon attacks. Shamoon2 surfaced in November, approximately four years after the original Shamoon was used in attacks against Saudi Aramco, a national petroleum and natural gas company based in Saudi Arabia. IBM s X-Force said document-based malicious macros were used as means of initial infections. Emails sent to targets included a document containing a malicious macro that, when approved to execute, enables command and control.
Source: https://threatpost.com/researchers-uncover-new-leads-behind-shamoon2/123903/