
Saudi Aramco, war of information on the cyber attack

Pierluigi Paganini December 18, 2012

Last summer a series of cyber attacks hit the energy sector. Saudi Aramco, one of the world’s largest oil companies, was attacked by a group named the Cutting Sword of Justice. The hackers used the Shamoon malware to attack the company’s systems; fortunately, the production environment wasn’t impacted.

The malware is able to wipe files from the drive of the infected machine and, according to security experts, it was also used in other cyber attacks against the Qatari oil company RasGas.

In the first phase of analysis, the presence of internal coding errors suggested to security experts that the malware was the work of amateurs, but is that really true? Could it be a diversionary tactic to draw attention away from the real authors of the malicious code?

Saudi Aramco supplies a tenth of the world’s oil. The attack infected 30,000 computers and crippled the national oil company’s electronic networks. The internal security response team brought down the internal network to mitigate the cyber threat and prevent it from spreading to other internal systems; cleaning operations lasted around 10 days.


Aramco and the Saudi Interior Ministry are investigating the attack. A ministry spokesman, Maj. Gen. Mansour al-Turki, said the attackers were an organized group operating from countries on four continents.

An “organized group launched the attack from outside the kingdom and from different countries”, Saudi news agency Al Arabiya reported.

According to the company and Saudi government officials, the real intent of the attack was to halt the company’s fuel production. The investigations are still ongoing. Aramco’s vice president for corporate planning, Abdullah al-Saadan, declared on Al Ekhbariya television:

“The main target in this attack was to stop the flow of oil and gas to local and international markets and thank God they were not able to achieve their goals.”

The motivation of the attack is political: the hackers condemned the policy of the Royal Family and its interference in the political disputes of neighboring countries, such as Syria and Bahrain.

Saudi Arabia provided military support to Bahrain last year to back the Persian Gulf state’s rulers against Shiite-led protesters. Saudi Arabia could also have funded the Syrian rebel army to increase pressure on the Assad regime.

The Guardian newspaper reported:

“The Guardian witnessed the transfer of weapons in early June near the Turkish frontier. Five men dressed in the style of Gulf Arabs arrived in a police station in the border village of Altima in Syria and finalised a transfer from the Turkish town of Reyhanli of around 50 boxes of rifles and ammunition, as well as a large shipment of medicines.

The men were treated with deference by local FSA leaders and were carrying large bundles of cash. They also received two prisoners held by rebels, who were allegedly members of the pro-regime militia, the Shabiha.

The influx of weapons has reinvigorated the insurrection in northern Syria, which less than six weeks ago was on the verge of being crushed”

While Saudi authorities are conducting the investigation, rumors of US involvement in the attack are circulating on the internet. FARS news agency (FNA) recently published an article that reports a sensational new update on the well-known event.

According to the agency, an informed source in Aramco held the US Department of Defense responsible for the cyber attack.

“Proofs and evidence show that the cyber attack on Aramco company has been carried out by a foreign group and given the record of virus attacks against Aramco it can be said that Pentagon is behind it,” FNA reported.

The accusation is undoubtedly heavy and opens new scenarios. We are in the middle of an information war in which misinformation is the primary tactic of the contenders. Last October the U.S. declared that Iran was behind the cyber attack in Saudi Arabia; the revelation was made by a former U.S. official who has worked on cybersecurity issues.

The U.S. government strongly maintains that Iranian cyber experts created the “Shamoon” virus that hit Saudi Aramco and RasGas. Lewis, a senior fellow at the Center for Strategic and International Studies think tank, said:

“There’s generally a conviction that it was Iran,”

US authorities declared it implausible that the Iranian government would not be aware of a major cyber operation coming from sources inside the country:

“How could you do something that consumed a massive amount of bandwidth in Iran and not have the government notice, when it’s monitoring the Internet for political purposes?”

Doubts are legitimate. The only certainty is that Iranian cyber capabilities are growing like no other, representing a great cyber threat for every state. But this is cyber warfare: every state is silently developing its cyber weapons and trying to exploit the networks of foreign adversaries.

In the coming months, the number of cyber espionage operations, and of cyber attacks more generally, is destined to increase exponentially, and in many cases it will be impossible to trace the real origin of the offensive. Every state must be prepared by developing an efficient cyber strategy.
