The oil company did not name the supplier or explain how the data were compromised
Saudi Aramco, the world’s largest oil producer, confirmed on Wednesday that some of its company files had been leaked via a contractor, after a cyber-extortionist claimed last month to have seized troves of its data and demanded a $50 million ransom.
Aramco said in a statement that it had “recently become aware of the indirect release of a limited amount of company data which was held by third-party contractors”. The oil company did not name the supplier or explain how the data were compromised.
“We confirm that the release of data was not due to a breach of our systems, has no impact on our operations, and the company continues to maintain a robust cyber-security posture,” Aramco added.
The statement came after a hacker claimed on the dark web that they had stolen one terabyte of Aramco’s data, according to a post from 23 June seen by the Financial Times. The hacker said they had obtained information on the location of oil refineries, as well as payroll files and confidential client and employee data.
In another post, the perpetrator offered to delete the data if Aramco paid $50 million in Monero, a niche cryptocurrency that is particularly difficult for authorities to trace. The post also offered prospective buyers the chance to purchase the data for about $5 million.
The oil giant has the capacity to pump more than one in every 10 barrels of crude in the global market and any threats to its security or facilities are closely watched by oil traders and policymakers.
The security vulnerabilities of energy companies, and pipelines in particular, have come under the spotlight recently, after the hack of the Colonial Pipeline in the US earlier this year resulted in fuel shortages across the east coast of the country.
It was unclear who was behind the Aramco incident. Cyber researchers noted that the attack did not appear to be part of a ransomware campaign, where hackers use malware to seize users’ data or computer systems and only release them once a ransom has been paid. Nor did the hacker claim to be part of a known ransomware gang.
Instead, the hacker appeared to have seized a copy of the data without using malware, and set up dark web profiles to telegraph its activities.
Cyber-security experts have said this was probably retaliation for the Stuxnet attack on Iran’s nuclear programme, which has been widely attributed to the US and Israel.
The 2012 attack erased data on about three-quarters of Aramco’s computers, according to reports at the time, including files, spreadsheets and emails. They were replaced with an image of a burning US flag.
Saudi Aramco refineries, including the newly opened Jazan facility, which was listed in screenshots of the allegedly leaked data, have also been subjected to physical attacks from both drones and missile strikes, which have been claimed by Iran-backed Houthi rebels in Yemen. The Jazan refinery is in Saudi Arabia’s south-west on the Red Sea, not far from the Yemen border.