Saudi Aramco, one of the largest producers of petroleum, has suffered a data breach. The company's confidential data, amounting to 1TB, has been posted for sale on the darknet at an initial price of $5 million.
When a third-party site (BleepingComputer) reached out to Aramco, the company confirmed that the incident occurred at third-party contractors and that there was no impact on its operations.
The threat actor group named “ZeroX” confirmed that it had hacked into the Aramco network sometime back in 2020, and that the stolen data, dating from 1993 to 2020, has been put up for sale.
“When asked by BleepingComputer as to what method was used to gain access to the systems, the group did not explicitly spell out the vulnerability but instead called it “zero-day exploitation.”” reads the BleepingComputer post.
The threat actors also set an initial countdown timer of 662 hours, or 28 days, after which the selling can begin. “ZeroX told BleepingComputer that the choice of “662 hours,” was intentional and a “puzzle” for Saudi Aramco to solve, but the exact reason behind the choice remains unclear:” states the BleepingComputer blog post.
Below is the list of details posted for sale on the darknet:
– Project Specification: [ Electrical, Power System, Architectural, Chief Engineering, Civil, Construction Mgnt, Environmental, Instrument & Control, Interface Mgnt, Machinery – Rotating, Mechanical – Vessels, Piping, Project Engineering, Safety Engineering, Telecommunications ]
– Analysis Reports
– Project Design basis
– Unit Prices
– Network Documents: [ Internet Protocol, Scada Points, IP Camera, Wireless Access Point ]
– File Systems
– Saudi Bahrain Crude oil Pipeline
– Location Map and Precise Coordinates
– Information Regarding Most Of The Employees
– Aramco’s Clients
– Full info about 14254 employees: [ Name, photo, passport, email, phone number, Iqama number, Job title, family info, ID number, certificates, Aramco ID, and more .. ]
ZeroX is also offering a 1GB data sample for $2000, which can be paid in Monero coins.
Aramco has confirmed that this is not a ransomware or any other extortion incident, and that “the company continues to maintain a robust Cybersecurity posture,” an Aramco spokesperson told the third-party site.
On a lighter note, this is not the first time the company has suffered a cyber attack. In 2012, Aramco was hit by the Shamoon virus attack, which wiped over 30,000 hard drives and was allegedly linked to Iran.