Shamoon was an external attack on Saudi oil production

10 December 2012

In its first comment on the apparent purpose behind the August Shamoon attack on Aramco, Saudi Arabia said Sunday that it was an external attack not just against Aramco, but against the Saudi economy.

Shamoon struck Aramco in August of this year. Aramco was forced to shut its internal network for more than a week, although the website came back online within a couple of days. Shamoon, sometimes considered to be a hackers’ copy of the more likely state-sponsored Wiper malware, infected 30,000 of Aramco’s computers, wiping their hard drives. It did not, however, affect oil production, which is controlled from separate networks.

At the time there was considerable conjecture about how the attack had been carried out. Some suggested that it must have involved insiders; others, that it was a state-sponsored attack from Iran. A group called Cutting Sword of Justice claimed responsibility for the attack, saying that its motives were political and citing Saudi ‘crimes and atrocities’ in countries such as Syria and Bahrain.

Now Maj. Gen. Mansour al-Turki, a spokesman for the Saudi Interior Ministry, has said that no insiders were involved, and that the attackers were an organized group operating from countries on four continents. He said he could give no further details because the investigation is continuing. Abdullah Al Sa’adan, Aramco’s vice president for corporate planning, said, “The main target in this attack was to stop the flow of oil and gas to local and international markets and thank God they were not able to achieve their goals.” 

Gulf News reported this morning that Al Sa’adan added, “Not a drop of oil was lost and the company was able to restore productivity in record time.” The restoration, and the cost, were limited to the replacement of affected hard disks and the time spent by IT staff in restoring connectivity – a process that apparently took less than two weeks.

The attack is believed to have been instigated via spear-phishing against one or more Aramco staff. Al Turki said that he expects such cyber attacks to increase, and as a result, the kingdom is establishing a national centre to foil future attacks. “We are trying to upgrade our capabilities to the level required to combat such incidents,” he said.
