Saudi Aramco data breach sees 1 TB stolen data for sale



Attackers have stolen 1 TB of proprietary data belonging to Saudi Aramco and are offering it for sale on the darknet.

The Saudi Arabian Oil Company, better known as Saudi Aramco, is one of the largest public petroleum and natural gas companies in the world.

The oil giant employs over 66,000 staff and brings in almost $230 billion in annual revenue.

The threat actors are offering Saudi Aramco’s data starting at a negotiable price of $5 million.

Saudi Aramco has pinned this data incident on third-party contractors and tells BleepingComputer that the incident had no impact on Aramco’s operations.

“Zero-day exploitation” used to breach network

This month, a threat actor group known as ZeroX is offering 1 TB of proprietary data belonging to Saudi Aramco for sale.

ZeroX claims the data was stolen by hacking Aramco’s “network and its servers,” sometime in 2020.

As such, the files in the dump are as recent as 2020, with some dating back to 1993, according to the group.

When asked by BleepingComputer what method was used to gain access to the systems, the group did not explicitly spell out the vulnerability but instead called it “zero-day exploitation.”

To create traction among potential buyers, a small sample set of Aramco’s blueprints and proprietary documents with redacted PII was first posted on a data breach marketplace forum in June this year:

Forum post with a link to the dark web leak site (BleepingComputer)

However, at the time of the initial posting, the .onion leak site had a countdown timer set to 662 hours, or about 28 days, after which the sale and negotiations would begin.

ZeroX told BleepingComputer that the choice of “662 hours” was intentional and a “puzzle” for Saudi Aramco to solve, but the actual reason behind the choice remains unclear:

Threat actors announced the data would be up for sale after 662 hours (BleepingComputer)

The group says that the 1 TB dump includes documents pertaining to Saudi Aramco’s refineries located in multiple Saudi Arabian cities, including Yanbu, Jazan, Jeddah, Ras Tanura, Riyadh, and Dhahran.

And, that some of this data includes:

1. Full information on 14,254 employees: name, photo, passport copy, email, phone number, residence permit (Iqama card) number, job title, ID numbers, family information, etc.
2. Project specifications for systems related to/including electrical/power, architectural, engineering, civil, construction management, environmental, machinery, vessels, telecom, etc.
3. Internal analysis reports, agreements, letters, pricing sheets, etc.
4. Network layout mapping out the IP addresses, SCADA points, Wi-Fi access points, IP cameras, and IoT devices.
5. Location map and precise coordinates.
6. List of Aramco’s clients, along with invoices and contracts.

Samples of stolen Saudi Aramco data and blueprints shared on the leak site (BleepingComputer)

Samples released by ZeroX on the leak site have personally identifiable information (PII) redacted, and a 1 GB sample alone costs US$2,000, paid in Monero (XMR).

The threat actor, however, did share a few recent unredacted documents with BleepingComputer for confirmation.

The price of the full 1 TB dump is set at US$5 million, although the threat actors say the amount is negotiable.

A party requesting an exclusive, one-off sale (i.e. obtaining the entire 1 TB dump and demanding it be wiped completely from ZeroX’s end) is expected to pay a whopping US$50 million.

ZeroX shared with BleepingComputer that up until this point, they have been negotiating the sale with five buyers.

    Not a ransomware or extortion incident

Contrary to some claims floating around on the internet [1, 2] labeling this incident a “ransomware attack,” it is not.

Both the threat actor and Saudi Aramco have confirmed to BleepingComputer that this is not a ransomware incident.

Saudi Aramco told BleepingComputer that the data breach occurred at third-party contractors, rather than through direct exploitation of Aramco’s systems:

“Aramco recently became aware of the indirect release of a limited amount of company data which was held by third party contractors.”

“We confirm that the release of data has no impact on our operations, and the company continues to maintain a robust cybersecurity posture,” an Aramco spokesperson told BleepingComputer.

Mysteriously enough, the threat actors did not even inform Saudi Aramco of the stolen data, or attempt extortion after gaining access to the networks, which further casts doubt on the purpose of the timer shown above.

It seems the countdown timer was merely set up as a lure for potential buyers, to generate an initial buzz around the sale.

In 2012, a prominent cyberattack against Saudi Aramco’s systems wiped over 30,000 computer hard drives clean.

The cyberwarfare incident, carried out via the Shamoon wiper malware, was allegedly linked to Iran.

In more recent times, attacks on mission-critical infrastructure like the Colonial Pipeline and the largest U.S. propane supplier, AmeriGas, have prompted a need for stepping up cybersecurity efforts at these facilities.
