Saudi Aramco restores internal network after malware attack

The company said its production and hydrocarbon exploration systems were not affected
  • Jeremy Kirk (IDG News Service)
  • — 27 August, 2012 00:46

Saudi Aramco, Saudi Arabia's national energy company, said on Sunday it had repaired 30,000 workstations infected with a malicious virus earlier this month.

The eighth largest refiner in the world said its main internal networks were affected on Aug. 15. The computers have now been "cleaned and restored to service," according to a statement. Company employees resumed work on Aug. 25 following the Muslim Eid holidays.

Enterprise systems used for hydrocarbon exploration and product are isolated network systems that were not affected. Production plants, which also have isolated systems, were not affected, Saudi Aramco said. The incident remains under investigation.

A group calling itself the "Cutting Sword of Justice" claimed responsibility for the attacks. The group accused the Saudi Arabian government of supporting "crimes and atrocities" in countries such as Syria and Egypt, according to a post on Pastebin.

Saudi Aramco said it expected further intrusions. "Saudi Aramco is not the only company that became a target for such attempts, and this was not the first nor will it be the last illegal attempt to intrude into our systems, and we will ensure that we will further reinforce our systems with all available means to protect against a recurrence of this type of cyber-attack."

Send news tips and comments to jeremy_kirk@idg.com

Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Identity & Access Management

Why choose NetIQ for Identity and Access Management

more »

Submit your own security event

Submit your training courses

Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.

Read More
more »