Shamoon Target: Aramco Production

Monday, December 10, 2012 @ 02:12 PM gHale

The main goal behind the Shamoon attack against Saudi Aramco was to take down the production of oil and gas in Saudi Arabia, a high level executive with the oil giant said Sunday.

The cyber attack against the world’s largest oil company in August damaged 30,000 computers, but was really supposed to stop oil and gas production, said Abdullah al-Saadan, Aramco’s vice president for corporate planning.


Thanks to a solid defense in depth program installed by the integration unit, the attack on Saudi Arabia’s national oil company Saudi Aramco — which supplies a tenth of the world’s oil — failed to disrupt production. The attack, though, was one of the most destructive hacker strikes against a single business. Shamoon also hit natural gas giant RasGas of Qatar.

“The main target in this attack was to stop the flow of oil and gas to local and international markets and thank God they were not able to achieve their goals,” al-Saadan said on Al Ekhbariya television.

Hackers from a group called Cutting Sword of Justice claimed responsibility for the attack, saying their motives were political and the virus gave them access to documents from Aramco’s computers, which they threatened to release. No documents have yet been published.

Aramco and the Saudi Interior Ministry are investigating the attack. A ministry spokesman, Maj. Gen. Mansour al-Turki, said the attackers were an organized group operating from countries on four continents.

The virus, Shamoon, infected workstations on Aug. 15. The company shut its main internal network for more than a week. General Turki said the investigation had not shown any involvement by Aramco employees. He said he could not give more details because the investigation was not complete.

Shamoon spread through Aramco’s network and wiped computers’ hard drives clean. Aramco said damage was limited to office computers and did not affect systems software that might harm technical operations.

Two former senior CIA officials first alerted ISSSource that the culprit in the attack was Iran working with personnel inside Aramco’s computer center. They said the Saudi regime is investigating the attack and is arresting suspects like operating staff, janitors, office people, and cargo handlers.

CIA sources said the attack was the work of a disgruntled Shiite insider (or insiders) who had full access to the system.

Richard Stiennon at IT-Harvest, a firm that tracks and reports on evolving cyber threats, told ISSSource 30,000 computers ended up scrambled and Iran was the perpetrator. He said Iranian-trained hackers launched the attack “in deep wrath” because of the mistreatment of the Shiites at the facility, and in Syria and Bahrain — two countries where the Saudi government has reportedly aided Sunni factions in their struggle with the Alawite-dominated regime and the Shiite majority, respectively.

The Aramco attack and the attack on RasGas, a major Qatar gas works, and other energy companies over the summer were in retaliation for the U.S.-Israeli developed Stuxnet virus that infected thousands of Iran’s nuclear program centrifuges, and as payback for the severe U.S.-imposed sanctions that have sent the Iranian economy into a tailspin, the CIA sources said.
This story was compiled from a series of reports on ISSSource and Reuters.
