Saudi Aramco, the world’s largest oil producer, confirmed on Wednesday that some of its business records were leaked through a subcontractor, after a cyber extortionist claimed to have seized treasures of its data the month last and demanded a ransom of $ 50 million from the company.
Aramco said in a statement that it had “recently become aware of the indirect disclosure of a limited amount of corporate data held by third party contractors.” The oil company did not name the supplier or explain how the data was compromised.
“We confirm that the data disclosure was not due to a breach of our systems, has no impact on our operations, and the company continues to maintain a robust cybersecurity posture,” added Aramco.
The statement came after a hacker claimed on the dark web that he stole 1 terabyte of Aramco data, according to a June 23 report seen by the Financial Times. The hacker said he obtained information on the location of oil refineries, as well as payroll files and confidential data on customers and employees.
In another post, the author offered to delete the data if Aramco paid $ 50 million into a niche cryptocurrency Monero, which is particularly difficult for authorities to trace. The publication also offered potential buyers the option to purchase the data for around $ 5 million.
The oil giant has the capacity to pump more than one in 10 barrels of crude into the global market and any threats to its security or facilities are closely watched by oil traders and policymakers.
The security vulnerabilities of energy companies and pipelines in particular have recently been in the spotlight following the hack of the Colonial pipeline in the United States earlier this year resulted in fuel shortages on the country’s east coast.
It was not clear who was behind the Aramco incident. Cyber researchers noted that the attack did not appear to be part of a ransomware campaign, where hackers use malware to grab a user’s data or computer systems and only release them once it has been released. ransom paid. The hacker also did not claim to be part of a known ransomware gang.
Instead, the hacker appears to have grabbed a copy of the data without using malware and set up dark web profiles to telegraph its activities.
Saudi Aramco facilities have been targeted in the past by physical attacks and cyber attacks.
In 2019, the Abqaiq processing plant in the east of the country, which prepares the majority of the kingdom’s crude for export, was hit by a series of missile and drone strikes the United States carried out. attributed to Iran. Global oil prices soared until Saudi Arabia was able to reassure markets that it could still export enough oil to properly supply its customers.
In 2012, an alleged cyberattack against Saudi Aramco was also blamed on Iran. Cyber security experts said it was likely retaliation for Stuxnet’s attack on Iran’s nuclear program, which has been largely attributed to the United States and Israel.
The 2012 attack wiped out data on about three-quarters of Aramco’s computers, according to reports at the time, including files, spreadsheets and emails. They have been replaced with an image of a burning American flag.
Saudi Aramco’s refineries, including the newly opened Jazan facility, which was listed in screenshots of the allegedly leaked data, have also come under physical attacks from both drones and missile strikes. , which were claimed by Iranian-backed Houthi rebels in Yemen. The Jazan refinery is located in the southwest of Saudi Arabia on the Red Sea, not far from the Yemeni border.
The extortion attempt was first reported by The Associated Press.