Cyril Widdershoven

Dr. Cyril Widdershoven is a long-time observer of the global energy market. Presently he works as a Senior Researcher at Hill Tower Resource Advisors. Next…

Middle East Oil Giants Grapple With Cyberattacks

As the global oil and gas markets are recovering from the steep sell-off last Monday, threats in the market are not just linked to demand-supply concerns. Cybersecurity specialists reported this week that hackers managed to get access to a large amount of data from Saudi oil giant Aramco. The company has confirmed that around 1TB of (confidential) data was stolen from its servers. According to AP sources, the data has been put on offer on the darknet for a price of $50 million.

It is still unknown who is behind the data theft, and some are also worried that the parties involved are giving no additional information. Aramco, the world’s largest listed oil company, has been targeted by cyberattacks on a regular basis, such as the well-known Iran-instigated Shamoon virus attacks. This most recent attack on Aramco shows that there remains a lot of work to be done to protect the oil giant against future data breaches, ransomware attacks, and industrial espionage. The Aramco data breach shows again that the threat to energy supply comes not just from drone and missile attacks, but also from cyberattacks.

Since the Shamoon attack, which brought a large part of the Saudi giant to a standstill, major cybersecurity programs have been proposed and implemented by the Saudis. However, even a trillion-dollar company seems to be unable to fully protect its digital infrastructure. 

For financial stakeholders, the current situation is of course of interest. Saudi Aramco is implementing a major company restructuring strategy, focusing on mid- and downstream assets. According to sources, the 1TB data breach is linked especially to downstream assets and operations. Potential pressure from this “third-party contractor breach” on divestments or privatization plans, such as the Aramco pipeline project, should not be dismissed straight away. If the available data is much more detailed, especially on price settings or financial strategies, the damage could be much larger than currently presented in the press.

Sources are stating that "Zero-day exploitation" has been used to get access to servers. The data is now being offered by a threat actor group known as ZeroX. According to statements made by ZeroX, the 1TB of data was stolen in 2020 by hacking Aramco's "network and its servers". The total data includes files from 1993 to 2020. On the darknet and other sites on the internet, ZeroX has posted samples of Aramco's blueprints and proprietary documents. The first data was already posted on a data breach marketplace forum in June this year.

The total data set, based on the initial posting on the so-called .onion leak site, had a countdown timer set to 662 hours, or about 28 days, after which the sale and negotiations would begin. ZeroX reportedly has said that the choice of "662 hours" was intentional and a "puzzle" for Saudi Aramco to solve, but the exact reason behind the choice remains unclear. In an info piece, ZeroX has also stated that the 1TB dump includes documents linked to Saudi Aramco's refineries located in multiple Saudi Arabian cities, including Yanbu, Jazan, Jeddah, Ras Tanura, Riyadh, and Dhahran. Some other info shows that it includes:

  1. Full information on 14,254 employees: name, photo, passport copy, email, phone number, residence permit (Iqama card) number, job title, ID numbers, family information, etc.
  2. Project specification for systems related to/including electrical/power, architectural, engineering, civil, construction management, environmental, machinery, vessels, telecom, etc.
  3. Internal analysis reports, agreements, letters, pricing sheets, etc.
  4. Network layout mapping out the IP addresses, SCADA points, Wi-Fi access points, IP cameras, and IoT devices.
  5. Location map and precise coordinates.
  6. List of Aramco's clients, along with invoices and contracts.

BleepingComputer reports that samples released by ZeroX on the leak site have personally identifiable information (PII) redacted, and a 1 GB sample alone costs US$2,000, paid through the cryptocurrency Monero (XMR). ZeroX also has stated that the price of the entire 1 TB dump is set at US$5 million; if a party wants the exclusive rights for a one-off sale (i.e. obtain the complete 1 TB dump and demand it be wiped completely from ZeroX's end), it needs to pay a whopping US$50 million.

All parties, including ZeroX and Aramco, have reiterated that the incident is not a ransomware attack. Aramco has repeated that the breach happened at third-party contractors and that Aramco’s systems were not directly involved. A company spokesman repeated that the company continues to maintain a robust cybersecurity posture. Compared with the 2012 Shamoon attack, which destroyed 30,000 of Aramco's computer hard drives, the current breach is less dangerous. Still, when looking at recent global ransomware and other cyber-related attacks, such as those on the Colonial Pipeline or European supermarkets, the threat to Aramco, and possibly other Arab national oil companies, is real.

Some also have stated that the ZeroX attack may be the first in a series of upcoming cyberattacks on Aramco. Even though the current data breach was executed through third-party contractors, it shows that hackers managed to find loopholes in the cybersecurity systems of oil and gas companies.

Analysts will be scratching their heads in the coming months on how to deal with and prevent these data breaches or Shamoon 2.0 ransomware attacks. The current digitalization of oil and gas, including upstream, midstream, and downstream operations, is not only a positive development. The huge number of sensors, data points, information-gathering operations, and real-time monitoring systems, intended in principle to lower costs and increase profit margins, has become a weak spot for companies. As the cyber warfare strategies of global and regional powers advance, attacks could become a lot more sophisticated, and the oil and gas industry is expected to remain a key target.

Additionally, one should take statements about cybersecurity by government or company officials in the Middle East with a pinch of salt. No company or government official will ever reveal everything they know when asked to comment. If the 2012 Shamoon case, with its discrepancies between official statements and reality, is a baseline for assessments, the current situation could be much worse than expected.


By Cyril Widdershoven for Oilprice.com

  • Mamdouh Salameh on July 25 2021 said:
    The only data hackers are interested in with regard to Saudi Aramco is the actual size of its proven reserves which could be sold for a price of $50 million.

    The CIA must already know exactly how much proven reserves Saudi Arabia has. It can use this information to exert pressure on Saudi Arabia whenever the need arises or extract billions of dollars in arms deals or influence Saudi political decisions.

    My latest research based on Saudi production since oil was discovered in Saudi Arabia in 1938 (for which we have figures) and an annual depletion rate averaging 5%-7% for the same period shows that remaining Saudi reserves couldn’t have been bigger than 43 bb by the end of June 2021.

    Dr Mamdouh G Salameh
    International Oil Economist
    Visiting Professor of Energy Economics at ESCP Europe Business School, London
