Saudi Arabia-based Aramco was attacked earlier this month by malware that targeted some 30,000 workstations. According to the state-owned group which controls all of Saudi Arabia’s oil production, things have been cleaned up in short time, and oil production itself was not impacted.
The early August attack gained traction because the malware itself appeared to be created solely for this campaign. It has a Hollywood quality as well, given that 30,000 systems at the world’s largest oil production company were hit in a single sweep. Adding to that were the threats made by a group calling themselves the Cutting Sword of Justice warned that they would attack again on Saturday.
“We would like to emphasize and assure our stakeholders, customers and partners that our core businesses of oil and gas exploration, production and distribution from the wellhead to the distribution network were unaffected and are functioning as reliably as ever,” Aramco’s CEO, Khalid al-Falih, said in a prepared statement.
Online, the company’s website simply tells visitors that everything is under control and that they are working to restore services to normal as soon as possible.
“We have isolated all our electronic systems from outside access as an early precautionary measure that was taken following a sudden disruption which affected some sectors of our network,” the website’s greeting explains.
“The disruption was suspected to be the result of a virus that had infected personnel workstations without affecting the primary components of the network. The interruption is under control, we are working diligently to restore services to normal as soon as possible in a methodical approach.”
“This was not the first nor will it be the last illegal attempt to intrude into our systems,” al-Falih said.
Some reports have speculated that malware used in the attack was Shamoon, a highly destructive cyber weapon that also contains the ability to siphon data from an infected host. Given the malware’s abilities and the fact that it could have been developed for this particular attack, it may be entirely too early to call the coast clear. Additional research on Shamoon is here and here.