The New York Times reported about the damages of the attacks on Saudi Aramco, a Saudi Arabian oil firm. The article stated the following, blaming Iran for the attacks on Saudi Aramco along with supporting evidence:
That morning, at 11:08, a person with privileged access to the Saudi state-owned oil company’s computers, unleashed a computer virus to initiate what is regarded as among the most destructive acts of computer sabotage on a company to date. The virus erased data on three-quarters of Aramco’s corporate PCs — documents, spreadsheets, e-mails, files — replacing all of it with an image of a burning American flag.
United States intelligence officials say the attack’s real perpetrator was Iran, although they offered no specific evidence to support that claim. But the secretary of defense, Leon E. Panetta, in a recent speech warning of the dangers of computer attacks, cited the Aramco sabotage as “a significant escalation of the cyber threat.” In the Aramco case, hackers who called themselves the “Cutting Sword of Justice” and claimed to be activists upset about Saudi policies in the Middle East took responsibility.
Intelligence officials are still investigating the nature of the RasGas hack also, because it is related to this attack, which involved a malware called Shamoon.
The investigations of Saudi Aramco and RasGas, Qatar’s top natural gas firm, are coming together. Most of the cyberattacks this year have been aimed at erasing data on energy companies’ computers. More updates to come.
- How hackers attacked Saudi oil company’s computers (seattletimes.com)
- US Increasingly Convinced Iran Behind Attack On Saudi Aramco (techweekeurope.co.uk)
- Shamoon Virus that Attacked Saudi Aramco is the Most Dangerous to Date (oilprice.com)
One of Qatar’s natual gas companies, RasGas, is the next victim of a cyberattack against an energy company so far in the past month. After following the attack against Saudi Aramco, this attack comes in a similar form: infecting each machine with a virus (of course) causing the company to disable internet access to block the hacker. This disables the ability to fully communicate business across servers of the company.
According to Security Affairs, (As occurred in the case of Saudi Aramco) the malware was not affecting gas extraction and critical processing.
In Saudi Aramco, the Shamoon malware was blamed, and it may be a benefactor in this case, as well. Reporters say there is no damage to any other thing in the company, and it will not take long to clear this problem.