Saudi Aramco restores 30,000 infected workstations
Saudi oil company says it has recovered from malware attack, hackers threaten to return
Saudi Aramco has said that it has restored 30,000 workstations that had been hit by a hack attack.
The oil company said that it had been affected by a malware attack from ‘external sources'.
On 15th August Aramco said that it had cut off external access to its systems following a hack attack, but the company claimed that oil production had not been affected. The company web site is still apparently inaccessible.
"We addressed the threat immediately, and our precautionary procedures, which have been in place to counter such threats, and our multiple protective systems, have helped to mitigate these deplorable cyber threats from spiralling," said Khalid A. Al-Falih, president and CEO, Saudi Aramco.
"Saudi Aramco is not the only company that became a target for such attempts, and this was not the first nor will it be the last illegal attempt to intrude into our systems," said Al-Falih. "We will ensure that we will further reinforce our systems with all available means to protect against a recurrence of this type of cyber-attack."
A previously unknown hacker group, calling itself ‘Cutting Sword of Justice' claimed responsibility for the attack, and posted blocks of what they claimed were infected IP addresses on Pastebin.
The group said that the attacks were due to Saudi government support for "crimes and atrocities" in countries including Syria and Egypt, and claimed that oil production had been affected. The group also threatened to attack Saudi Aramco again on 1st September.
The malware in use is believed to have been the Shamoon malware, which came to light on 21st August.