Oil giant Saudi Aramco hit by 1TB data breach

Data Breach
(Image credit: Shutterstock)

The oil giant Saudi Aramco has fallen victim to a data breach in which hackers were able to steal 1TB of proprietary company data that they're now trying to sell on the Dark Web.

As reported by BleepingComputer, the threat actors behind the breach did not manage to infiltrate the network and systems of the Saudi Arabian Oil Company but rather those of third-party contractors working for the company.

The cybercriminal group known as ZeroX is now selling 1TB of proprietary Saudi Aramco data on an online hacking forum starting at $5m but the price is negotiable. The group claims that the data itself was stolen from the company sometime last year though some of the files contained in the dump date all the way back to 1993.

BleepingComputer reached out to the threat actors that comprise ZeroX to find out how they gained access to the systems of Saudi Aramco's third-party contractors and while the group did not name the exact vulnerability that was exploited, they did say it was a zero-day.

The countdown begins

To stoke interest in its upcoming sale, ZeroX posted a small sample set of Saudi Aramco's data which contained blueprints and proprietary documents from the company with personally identifiable information (PII) redacted to a data breach marketplace forum back in June.

However, when the group made its first post, the .onion leak site used displayed a countdown timer that was set to 662 hours. Once this 28-day long timer comes to an end, the sale and negotiations for the data will begin. In a statement to BleepingComputer, ZeroX said that it intentionally chose “662 hours” as part of a “puzzle” for Saudi Aramco to solve.

According to ZeroX, the data dump contains full information on 14,254 employees including their names, photos passports, emails, phone numbers, residence permit (Iqama card) numbers, job title, ID numbers family information and more. However, it also contains project specifications, internal analysis reports, network layouts, location maps with precise coordinates and a list of Saudi Aramco's clients.

It's worth noting that the data breach suffered by Saudi Aramco's third-party contractors was neither a ransomware attack nor an extortion incident as ZeroX did not encrypt the company's systems or demand a ransom in exchange to unlock its data. Instead the group is selling off the data for $5m though it is also open to doing an exclusive, one-off sale in which it provides all of the data and wipes it from its systems for $50m.

We'll have to wait and see what happens when the countdown timer comes to an end but Saudi Aramco has said that the data breach has not affected its operations.

Via BleepingComputer

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.