Saudi Aramco Confirms Data Leak Following $50 Million Cyber Ransom Demand


The Hawiyah natural gas liquid recovery plant, operated by Saudi Aramco, in Hawiyah, Saudi Arabia, on Monday, June 28, 2021.

Bloomberg | Getty Images

Saudi Aramco, the world’s largest oil producer, confirmed on Wednesday that some of its company files had been leaked through a contractor, after a cyber extortionist claimed to have seized troves of its data last month and demanded a ransom of $50 million from the company.

Aramco said in a statement that it “recently learned of the indirect release of a limited amount of company data that was held by third-party contractors.” The oil company did not name the supplier or explain how the data was compromised.

“We confirm that the data release was not due to a breach of our systems, has no impact on our operations, and the company continues to maintain a strong cybersecurity posture,” added Aramco.

The statement came after a hacker claimed on the dark web that they had stolen 1 terabyte of Aramco’s data, according to a June 23 post seen by the Financial Times. The hacker said he had obtained information on the location of oil refineries, as well as payroll files and confidential customer and employee data.

In another post, the perpetrator offered to remove the data if Aramco paid $50 million in Monero, a niche cryptocurrency that is particularly difficult for authorities to trace. The post also offered prospective buyers the opportunity to purchase the data for around $5 million.

The oil giant has the capacity to pump more than one in 10 barrels of crude on the global market and any threats to its safety or facilities are closely watched by oil traders and lawmakers.

The security vulnerabilities of energy companies and pipelines in particular have come under the spotlight recently after the Colonial Pipeline hack in the US earlier this year led to fuel shortages on the country’s East Coast.

It was unclear who was behind the Aramco incident. Cyber researchers noted that the attack did not appear to be part of a ransomware campaign, in which hackers use malware to seize users’ data or computer systems and only release them once the ransom has been paid. The hacker also did not claim to be part of a known ransomware gang.

Instead, the hacker appeared to have seized a copy of the data without using malware and set up dark web profiles to telegraph their activities.

Saudi Aramco facilities have been the target of both physical and cyber attacks in the past.

In 2019, the Abqaiq processing facility in the eastern part of the country, which prepares most of the kingdom’s crude for export, was hit by a series of missile and drone strikes that the United States blamed on Iran. World oil prices soared until Saudi Arabia was able to assure markets that it could still export enough oil to keep customers well supplied.

In 2012, Iran was also blamed for an alleged cyber attack against Saudi Aramco. Cybersecurity experts have said it was likely in retaliation for Stuxnet’s attack on Iran’s nuclear program, which has been widely attributed to the United States and Israel.

The 2012 attack wiped out data on roughly three-quarters of Aramco’s computers, according to reports at the time, including files, spreadsheets, and emails. They were replaced by an image of a burning American flag.

Saudi Aramco refineries, including the newly opened Jazan facility, which was featured in screenshots of the allegedly leaked data, have also come under physical attack from both drones and missiles, which have been claimed by Iranian-backed Houthi rebels in Yemen. The Jazan refinery is located in southwestern Saudi Arabia on the Red Sea, not far from the border with Yemen.

The extortion attempt was first reported by the Associated Press.

© 2021 The Financial Times Ltd. All rights reserved. It must not be redistributed, copied or modified in any way.


arstechnica.com
