Shamoon was an external attack on Saudi oil production

10 December 2012

In its first comment on the apparent purpose behind the August Shamoon attack on Aramco, Saudi Arabia said Sunday that it was an external attack not just against Aramco, but against the Saudi economy.

Shamoon struck Aramco in August of this year. Aramco was forced to shut its internal network for more than a week, although the website came back online within a couple of days. Shamoon, sometimes considered to be a hackers’ copy of the more likely state-sponsored Wiper malware, infected 30,000 of Aramco’s computers, wiping their hard drives. It did not, however, affect oil production, which is controlled from separate networks.

At the time there was considerable conjecture on how the attack had been effected. Some suggested that it must have involved insiders; others, that it was a state-sponsored attack from Iran. A group called Cutting Sword of Justice claimed responsibility for the attack, saying that its motives were political and citing Saudi ‘crimes and atrocities’ in countries such as Syria and Bahrain.

Now Maj. Gen. Mansour al-Turki, a spokesman for the Saudi Interior Ministry, has said that no insiders were involved, and that the attackers were an organized group operating from countries on four continents. He said he could give no further details because the investigation is continuing. Abdullah Al Sa’adan, Aramco’s vice president for corporate planning, said, “The main target in this attack was to stop the flow of oil and gas to local and international markets and thank God they were not able to achieve their goals.” 

Gulf News reported this morning that Al Sa’adan added, “Not a drop of oil was lost and the company was able to restore productivity in record time.” The restoration, and the cost, were limited to the replacement of affected hard disks and the time spent by IT staff in restoring connectivity – a process that apparently took less than two weeks.

The attack is believed to have been instigated via spear-phishing against one or more Aramco staff. Al-Turki said that he expects such cyber attacks to increase, and as a result, the kingdom is establishing a national centre to foil future attacks. “We are trying to upgrade our capabilities to the level required to combat such incidents,” he said.
