Dhahran, Saudi Arabia: An investigation into a computer virus that affected about 30,000 workstations at state-owned oil giant Saudi Arabian Oil Co. in August has found the attack originated from outside the kingdom and involved so called “spear phishing”, the Saudi interior ministry and Aramco said on Sunday.
No employee of Saudi Aramco, or related contractors, were involved in the cyber attack, Abdullah Al Sa’adan, Saudi Aramco’s vice president for corporate planning, told reporters at a press conference at the company’s headquarters in Dhahran. The incident was “not only targeting Aramco as an entity but was designed to disrupt the whole economy and was aimed at halting the flow of oil and gas.”
“Not a drop of oil was lost and the company was able to restore productivity in record time,” Al Sa’adan added.
Spear phishing typically involves a spoof email to trick users into clicking through to a website where a hacker can install malicious software or gain control of another computer.
The Aramco virus, which originated from external sources, forced the world’s largest oil producer to isolate all its electronic systems from outside access, but left the company’s operations unaffected. That attack, wielding a virus called ‘Shamoon’, destroyed data on 30,000 computers. A group calling itself ‘Cutting Sword of Justice’ claimed responsibility for the attack, which US investigators told the Wall Street Journal in October was tied to Iran.
Small section affected
Saudi Aramco said on Sunday only a small section of its vast network was affected and the cost of the attack was “limited to replacing the affected discs” and the time that IT staff spent in restoring connectivity.
Saudi interior ministry spokesman Major General Mansour Al Turki said he expects the number of cyber attacks to increase in the future. As a result, the kingdom is in the process of establishing a national centre to prevent such incidents.
“We are trying to upgrade our capabilities to the level required to combat such incidents,” Al Turki said.