Saudi Aramco, Saudi Arabiaâ€™s national oil company, said it restored to normal operation status its 30,000 stations affected â€œby a malicious virus that originated from external sourcesâ€, according to a press release on the companyâ€™s website. It said â€œprimary systemsâ€ were free from harm at all times because â€œthey function on isolated systems.â€
The Aug. 15 incident prompted the company to â€œisolate all its electronic systems from outside access as an early precautionary measure [â€¦] following a sudden disruption that affected some of the sectors of its electronic networkâ€, according to a statement posted on the Aramco Facebook Page at the time.
Two hacker groups claimed responsibility for this attack. The Arab Youth Group dubbed it operation “Sahabah-al-Nabi” and put it down to King Al-Saudâ€™s havingÂ become â€œthe agent of the United States and Israelâ€ and to â€œthe Saudi rulers betray[ing] the Arab world publiclyâ€. â€œYour childsTargeted Administrable structures and substructures of Aramco and Also the Stock Exchange of Saudi Arabia.This action has been done in order to warn the Saudi rulers,â€ read the Arab Youth Groupâ€™s Pastebin post released the day of the attack.
The Cutting Sword of Justice, the other underground group, offered approximately the same justification for the attack, namely that â€œan action was performed against Aramco company, as the largest financial source for Al-Saud regime.â€
The recent discovery of a â€œkill timerâ€ component in Shamoon, the latest cyber-sabotage tool to have been identified, led to speculation about this being the weapon in the Aramco attack, as reported by computerworld.com.
â€œSaudi Aramco is not the only company that became a target for such attempts, and this was not the first nor will it be the last illegal attempt to intrude into our systems, and we will ensure that we will further reinforce our systems with all available means to protect against a recurrence of this type of cyber-attack,â€ said Saudi Aramco CEO Khalid A. Al-Falih.