Oil Giant Saudi Aramco lights up network after malware attack

Saudi Aramco says that all workstations have been cleaned and restored to service; as a precaution, remote Internet access to online resources has been restricted

A hacktivist group going by the ominous name of “the Cutting Sword of Justice” claimed responsibility for the attacks, although the source of the malware has not been officially announced. The group claimed to have “shut down the world’s largest oil company,” and with some glee accused the Saudi government of supporting “crimes and atrocities” in countries such as Syria and Egypt, and of working against the Arab Spring movement while revolutions continue to spark.

Saudi Aramco, which also happens to be the eighth-largest oil refiner globally, said that all workstations have been cleaned and restored to service, and that normal workflow has resumed now that employees have returned following the Eid holidays. As a precaution, remote Internet access to online resources has been restricted.

The company said that it is continuing to investigate the causes of the incident and those responsible for it, confirming only that the compromise was certainly external. Many have speculated that the culprit was a variant of the Shamoon virus, which Kaspersky characterizes as a copycat of the Wiper malware that compromised Iran's oil ministry in April.

Anxious to point out that core businesses were unaffected, company executives said that hydrocarbon exploration, production, exports, sales, distribution operations, financial and human resources systems, and core databases remained intact, because they run on their own isolated and redundant systems.

“We would like to emphasize and assure our stakeholders, customers and partners that our core businesses of oil and gas exploration, production and distribution from the wellhead to the distribution network were unaffected and are functioning as reliably as ever,” said Khalid A. Al-Falih, president and CEO at Saudi Aramco.

He went on to note that further intrusions should be expected, given the high-profile and political nature of its business.

“Saudi Aramco is not the only company that became a target for such attempts, and this was not the first nor will it be the last illegal attempt to intrude into our systems, and we will ensure that we will further reinforce our systems with all available means to protect against a recurrence of this type of cyber-attack,” he said.
