Oil Firm Saudi Aramco Suffered Data Breach – Data Put For Sale On Dark Web

A major oil company fueling a majority of global activities has now fallen prey to a cybersecurity incident. Recently, a hacker put up a huge database for sale on the dark web with details belonging to Saudi Aramco. It appears Saudi Aramco has suffered a data breach.

Saudi Aramco Data Breach

Reportedly, Saudi Arabian Oil Company, commonly known as Saudi Aramco, has suffered a security breach as its data appeared online.

While the firm hasn’t precisely disclosed the breach, the appearance of a huge database for sale on the dark web supports that the incident occurred. The sellers offer roughly 1TB of data supposedly stolen from the firm’s network.

According to Bleeping Computer, the hackers claim to have pilfered the data by exploiting zero-day vulnerabilities to hack Aramco’s network.

Explaining the information included in the database, the sellers list project specifications, analysis reports, agreements, file systems, network documents, letters, and other proprietary information. This information belongs to the oil refineries in Yanbu, Jazan, Jeddah, Ras Tanura, Riyadh, and Dhahran.

Apart from listing the content, the hackers have also uploaded blueprints and documents with redacted PII as samples.

This database includes information between 1993 and 2020. The seller group “ZeroX” has set the price of the entire database at USD 5 million, whereas a 1GB subset would cost around $2000, to be paid in Monero (XMR).

Besides, the sellers demand USD 50 million if the buyer wants the hackers to sell the database and then delete it from their end.

The attackers set up a countdown of 662 hours, after which the negotiations about the sale will begin.

Has Aramco Suffered Ransomware Attack?

While the extent of the breach is huge, the attackers confirmed no ransomware activity behind this action. Rather, they exploited security bugs (zero-days) to hack the firm’s network and servers and steal the data.

After the data exfiltration, the hackers attempted to contact the company over the matter. However, they didn’t intend extortion, and so, they put up the data for sale on the .onion site.

Saudi Aramco has also confirmed the breach in a statement to Bleeping Computer, while assuring that there was no impact on its operations.

“Aramco recently became aware of the indirect release of a limited amount of company data which was held by third party contractors.
We confirm that the release of data has no impact on our operations, and the company continues to maintain a robust cybersecurity posture.”

This incident is different from the recent Colonial Pipeline cyberattack in that the latter was a ransomware attack.
