Saudi Aramco, a Saudi Arabian oil giant responsible for supplying a tenth of the world's oil, has instructed six separate firms with expertise in hacking and viruses to investigate a massive breach of security that infected 30,000 of the company's Windows-based office computers.
Early investigations have revealed that the hackers had assistance from an insider with high-level clearance, according to a source speaking with Reuters. The source said that Saudi Aramco's computer network is very well protected from attacks originating from the Internet, but attacks from within are weak points, especially in the high-level secured areas.
Hacker group "The Cutting Sword of Justice" has taken responsibility for the attack, claiming that they introduced the virus Shamoon to access documents on Saudi Aramco's computers for political purposes. They've supposedly found secrets about the company and are threatening to release them. The virus reportedly syphoned off small amounts of data by remotely sending it to command and control servers. After doing so, it wiped the hard drives of all the infected computers, making it virtually impossible to identify exactly what data has been stolen.
Shamoon has surprised Symantec as it uses several methods of penetrating a network, and once it succeeds, it tries to infect every computer on the LAN. "It's probably been 10 years since we saw something so destructive," said the firm's lead researcher, Liam O Murchu.
"All our core operations continued smoothly," said Saudi Aramco CEO Khalid Al-Falih when addressing government and business officials during a security workshop. He said that none of the company's oil exploration, production and other associated critical infrastructure was compromised, as they are isolated and heavily protected.