On Aug. 15, 2012, someone with high levels of network access at Saudi Aramco, one of the world’s largest oil companies, unleashed a virus that wiped data from more than 30,000 computers. The release of Shamoon is considered one of the most destructive cyberattacks on a private business to date.
Thought by U.S. intelligence to originate in Iran, Shamoon erased hard drives, leaving an image of a burning American flag. Files destroyed by Shamoon were overwritten with corrupt files to prevent recovery. It’s estimated Shamoon erased files on 75% of Aramco machines, forcing the company to shut down its internal network along with email and internet access to prevent further spread. The attack was purported to have taken place in retaliation against the Saudi Arabian royal family for its actions in various countries around the world. On Aug. 29, the hackers—who called themselves the “Cutting Sword of Justice”—published a list of Aramco usernames and passwords, including those of CEO Khalid Al-Falih, proving they still had access to the internal Aramco network, though the company was able to regain control by the month’s end. (Oil production was unaffected throughout the Shamoon attack as it was controlled by isolated network servers.)
But that wasn’t the last the world heard of Shamoon. After lying dormant for a few years, Shamoon attacks were reported in 2016 and 2017, and in December 2018, a variant of the virus attacked Saipem, an Italian oil services company. Aramco is one of Saipem’s biggest clients.