Security Experts:

Malware Blamed for Outage at Middle East Natural Gas Producer

Earlier this month, the world’s largest oil production company, Aramco, was attacked by the Shamoon virus. On Monday, a second attack forced one of Qatar's two main LNG (Liquid Natural Gas) production and export companies offline as well. Speculation has it that Shamoon is responsible for this as well.

The early August attack against Aramco is notable, as it seems as if the Shamoon was created solely for this campaign. Adding to that line of thought were the threats made by a group calling themselves the Cutting Sword of Justice, who said they used Shamoon to target some 30,000 systems maintained by Aramco.

On Monday, Qatar’s RasGas said in a statement that a virus had caused problems, forcing them to take their network offline. However, “operational systems onsite and offshore are secure and this does affect nor impact our production as a Ras Laffan Industrial City plant or scheduled cargoes,” the statement added.

“In response to that we have a specialist RasGas IT team working in collaboration with ICT Qatar to resolve this issue as soon as possible.”

It’s unknown of Shamoon was the source of the RasGas attack, but at least one person says it was. James Herron, who is EMEA Energy News Editor at Dow Jones Newswires and the Wall Street Journal, commented on Twitter that sources say, “...the virus that shut down RasGas computers is also Shamoon, the virus widely-believed to have hit Aramco earlier this month.”

Despite the attack, RasGas says that employees are reporting to work as normal. Their website and network remains offline.

Subscribe to the SecurityWeek Email Briefing
view counter
Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.