Saudi Aramco has suffered a data breach in which cyber attackers have stolen 1 terabyte of proprietary data of Saudi Arabia’s oil giant and are selling it on the dark web, BleepingComputer reported this week.
The oil giant confirmed to BleepingComputer that the data breach, which the hackers say was made last year, has had no impact on Saudi Aramco’s operations. The Kingdom’s state oil firm also said that the data breach was at third-party contractors, not on Aramco’s systems.
“Aramco recently became aware of the indirect release of a limited amount of company data which was held by third party contractors,” the Saudi oil giant told BleepingComputer.
“We confirm that the release of data has no impact on our operations, and the company continues to maintain a robust cybersecurity posture,” Aramco told BleepingComputer via a spokesperson.
The threat group, identified as ZeroX, is offering for sale on the darknet the data it claims to have gained by hacking Aramco’s “network and its servers” at some point last year.
ZeroX and Aramco both told BleepingComputer this data breach was not ransomware or any other kind of an extortion attack.
The data up for sale at a starting negotiable price of $5 million includes documents pertaining to Saudi Aramco refineries, personal information about more than 14,000 employees, project specifications for systems, pricing sheets and internal analyses, as well as security-related information including IP addresses, Wi-Fi access points, and IoT devices, ZeroX told BleepingComputer.
The group claims it has been negotiating the sale of the data with five potentially interested buyers, ZeroX told BleepingComputer.
Saudi Aramco has been the victim of cybercrimes in the past, the most notorious being the 2012 Shamoon malware that was used in a crippling attack that wiped out every computer at the Saudi oil firm. In 2018, a variant of the Shamoon malware resurfaced, cybersecurity experts warned at the time.