An attack group identifying itself as ZeroX breached the servers of Saudi Arabia’s state-owned oil company Saudi Aramco, stole a terabyte of data, and is now offering it for sale on the dark web with a starting price of $5 million.
The hackers reported to the Bleeping Computer website, which often serves as a means of communication between cybercriminals and their victims, that the data was stolen in 2020 by exploiting a zero-day vulnerability, namely one that was not known to developers. They gave the Saudi company 662 hours to respond to the ultimatum before selling the data, saying that the choice of the number was intentional and a “puzzle” for the company to solve.
According to what was published, the stolen data includes full personal information on more than 14,000 employees of the company; specifications related to electricity, architecture, engineering, telecommunications and other aspects of various projects throughout the Arab world; reports, letters, and pricing sheets; network layouts; and a list of clients.
It was not the first time for Saudi Aramco, one of the biggest oil companies in the world with 66,000 workers and profits of about $230 billion a year, to fall victim to a cyberattack. In August 2012, the day before one of Islam’s holiest nights of the year, Lailat al-Qadr, when the company was operating at a minimal level, Saudi Aramco was hit by one of the most destructive attacks ever carried out against a business entity, with data erased from about 35,000 of its computers by a virus called Shamoon.
A group calling itself “Sword of Justice” claimed responsibility for the attack, but many investigators believe that Iran was actually behind it. Saudi Aramco was hit by the virus again in 2017, and there were also many additional attempts in recent years, according to the company. It should be pointed out that cyber defense is an important component of the kingdom’s “Vision 2030”, Mohammad bin Salman’s ambitious development plan.