Saudi Aramco Victim of $50 Million Cyber Extortion on Dark Web, Denies System Breach

Saudi Aramco, one of the largest public petroleum and natural gas companies in the world, is the latest victim of cyberattacks with hackers claiming to have seized troves of its proprietary data last month and demanding ransom of $50m, Financial Times reports.

The Saudi company, for its part, denied that there had been any breach of its computer systems, attributing the data incident to third-party contractors and stating that it had no impact on Aramco’s operations.

Aramco said in a statement that it recently became aware of the indirect release of a limited amount of company data held by third-party contractors (which it did not identify), and that the release was not due to a breach of its systems and had no impact on its operations.

It is also unclear whether the data was obtained through hacking, a leak, or some other means.

Meanwhile, a group calling itself ZeroX is taking credit for the attack, claiming the data was stolen by hacking Aramco’s network and servers sometime in 2020, and that the attack vector involved “zero-day exploitation,” meaning a vulnerability that had not previously been discovered or patched.

The hackers offered the stolen data starting at a negotiable price of $5 million, posting a small sample of Aramco’s blueprints and proprietary documents, with PII redacted, on the data breach marketplace Raid Forums on June 23 to generate interest among prospective buyers.

The data allegedly includes documents pertaining to Saudi Aramco’s refineries in multiple Saudi Arabian cities, including Yanbu, Jazan, Jeddah, Ras Tanura, Riyadh, and Dhahran, as well as project specifications, analysis reports, project design bases, unit prices, agreements, network documents, file systems, letters, client information, contracts, and full information on 14,254 employees.

Dirk Schrader, global vice president of marketing at IT security and compliance software firm New Net Technologies LLC, told SiliconANGLE that while most of the details about this breach are unconfirmed, the list of data points in the trove provided by the threat actor is worrying.

Aramco has been offered the chance to have the data deleted for $50 million in the niche cryptocurrency Monero, which is particularly difficult for authorities to trace, with ZeroX claiming that, up to this point, it has been negotiating a sale with five buyers.

Aramco, valued at around $1.8 trillion, was forced to shut down its entire network in August 2012 following a malware attack by the Shamoon virus, which wiped 30,000 hard drives. The company blamed Iran for that attack. Five years later, a similar virus disrupted computers at Sadara, a joint venture between Aramco and US-based Dow Chemical.

Last month, Saudi Aramco selected eight service firms as exclusive suppliers for conducting third-party cybersecurity assessments and issuing compliance certificates. The company introduced its Cybersecurity Compliance Certificate Program for suppliers in 2020, with the aim of minimizing third-party risk.
