Saudi Aramco, Saudi Arabia’s national oil company and the largest in the world, has confirmed that it has been hit by a cyber attack that resulted in malware infecting user workstations, but did not affect other parts of its network. Word is that this was due to the Disttrack malware that was only discovered yesterday:
“On Wednesday, Aug. 15, 2012, an official at Saudi Aramco confirmed that the company has isolated all its electronic systems from outside access as an early precautionary measure that was taken following a sudden disruption that affected some of the sectors of its electronic network,” the company wrote in a statement.
“The disruption was suspected to be the result of a virus that had infected personal workstations without affecting the primary components of the network.”
The company did not comment on the vector of attack or who may be behind it, but insists its core operations have not been impacted as a result of the security breach.
Malware being used in a new series of targeted attacks has bucked the trend, choosing to destroy the computers it infects rather than just stealing sensitive information, security researchers said. Given the unusual destructiveness of the malware, one can't help suspecting an Iranian or Syrian revenge operation - but no evidence one way or another at present. Anyway, pretty interesting to have the world's largest oil company victim of a major cyberterrorism incident.
Called "Disttrack", the malware corrupts files, overwrites the infected machine's master boot record, and destroys the data so that it can't be recovered, according to reports from Symantec Security Response, Kaspersky Lab's Global Research and Analysis Team, and McAfee on Thursday. Disttrack has been observed in the Shamoon attacks, which have already affected at least one organization in the energy sector, Symantec said, but the company declined to provide any other details about the affected organization(s).