Oil Giant Saudi Aramco Struggles To Recover From Hack Attack

The largest oil producer in the world is blocking outside access to its communication systems as it continues to struggle to get systems back online following a suspected cyber attack earlier this month.

On 15 August, Saudi Aramco said it had isolated all its electronic systems from outside access “as an early precautionary measure that was taken following a sudden disruption that affected some of the sectors of its electronic network”.

“The disruption was suspected to be the result of a virus that had infected personal workstations without affecting the primary components of the network,” Saudi Aramco said on Facebook.

It claimed the interruption had no impact on any of its oil production operations, saying IT experts anticipated “resuming normal operations of its network soon”.

Yet today systems remain isolated. TechWeekEurope attempted to telephone the company, only to be greeted by a recorded message reiterating what the company said nine days ago.

A hacktivist attack?

Supposed hacktivists have claimed the hit on the oil giant, saying they would hit the company again tomorrow (25 August). The group said it was “fed up of crimes and atrocities taking place in various countries around the world”, in a post on Pastebin. They said they were targeting the House of Saud, the ruling royal family of Saudi Arabia, and targeted Aramco as it was “the largest financial source for Al-Saud regime”.

The group, calling itself the ‘Cutting Sword of Justice’, claimed to have hacked Aramco systems in several countries before sending a virus across 30,000 computers – achieving a 75 percent infection rate of all the company’s systems. It rejected suggestions that a nation state was behind the attack.

The attack hit just before warnings emerged of a new piece of malware called Shamoon or Disttrack, which was designed to infect a system’s Master Boot Record (MBR), making it unbootable.

It was believed at least one organisation in the energy sector was hit by Shamoon, leading some to suggest Aramco could have been the victim. However, there has been no validation of that claim.

If hacktivists were behind the hit, it would mark a rare case of an activist group using malware. Traditionally, hacktivists like Anonymous have used distributed denial of service (DDoS) attacks to take down targets’ websites.

Thomas Brewster

Tom Brewster is TechWeek Europe's Security Correspondent. He has also been named BT Information Security Journalist of the Year in 2012 and 2013.
