Saudi Aramco confirms data breach after a $50 million cyber ransom demand

Saudi Aramco, the world’s largest oil producer, confirmed on Wednesday that some of its company documents had been leaked through a contractor, after a cyber extortionist claimed to have confiscated a large amount of its data last month and demanded that the company pay a ransom of US$50 million.

Saudi Aramco said in a statement that it “recently realized that it has indirectly released a limited amount of company data held by third-party contractors.” The oil company did not name the supplier or explain how the data was leaked.

“We confirm that the release of the data is not due to damage to our system and has no impact on our operations. The company continues to maintain a sound cyber security Gesture,” Saudi Aramco added.

According to a June 23 post seen by the Financial Times, a hacker claimed on the dark web that they had stolen 1 terabyte of Aramco’s data and then issued a statement. The hacker stated that it had obtained information about the location of the refinery, as well as payroll files and confidential customer and employee data.

In another article, the perpetrator proposed to delete the data if Saudi Aramco A niche cryptocurrency of $50 million was paid for Monero, which is especially difficult for the authorities to track. The post also provided potential buyers with the opportunity to purchase data for approximately US$5 million.

The oil giant has the ability to extract more than 1 barrel per 10 barrels of crude oil in the global market, and oil traders and policy makers pay close attention to any threats to its safety or facilities.

In particular, the security vulnerabilities of energy companies and pipelines have declined Under the spotlight Recently, the US colonial pipeline was hacked earlier this year, causing fuel shortages on the country’s east coast.

It is not clear who is behind the Saudi Aramco incident. Network researchers pointed out that this attack does not appear to be part of the ransomware campaign. Hackers use malicious software to obtain user data or computer systems, and only release it after paying a ransom. The hacker also did not claim to be a member of a known ransomware group.

On the contrary, the hacker appeared to have obtained a copy of the data without using malware and set up a dark web profile to telegraph his activities.

Saudi Aramco’s facilities have been the target of physical and cyber attacks in the past.

In 2019, the Abqaiq processing plant in the eastern part of the country was hit by a series of blows. The processing plant prepared most of the country’s crude oil exports. Missile and drone attack The United States blamed Iran.Global oil prices have soared until Saudi Arabia can Appease the market It can still export enough oil to provide sufficient supply for customers.

In 2012, the alleged cyber attack on Saudi Aramco was also blamed on Iran. Cybersecurity experts said that this may be retaliation for Stuxnet’s attack on Iran’s nuclear program, which is widely regarded as the work of the United States and Israel.

According to reports, the 2012 attack deleted approximately three-quarters of Aramco’s computer data. report At the time, it included documents, spreadsheets, and emails. They were replaced by images of burning American flags.

The Saudi Aramco oil refinery, including the newly opened Jazan facility, is listed in the allegedly leaked data screenshot, also By subject Physical attacks from drone and missile attacks have been claimed by Iranian-backed Yemen Houthi insurgents. The Jazan Oil Refinery is located in the Red Sea in the southwest of Saudi Arabia, not far from the border with Yemen.

Newsletter twice a week

Energy is an indispensable business in the world, and energy is its newsletter. Every Tuesday and Thursday, Energy Source will be sent directly to your inbox, bringing you important news, forward-looking analysis and insider intelligence. Register here.

Source link


Leave a Reply

Your email address will not be published. Required fields are marked *