Attackers have stolen 1 TB of proprietary data belonging to the Saudi Arabian Oil Company (Saudi Aramco) and have put it up for sale on the darknet.
Saudi Aramco is one of the largest public petroleum and natural gas companies in the world. The oil giant has over 66,000 employees and an annual revenue of $230 billion.
The hackers are offering Saudi Aramco’s data starting at a negotiable price of $5 million.
Saudi Aramco has attributed this data incident to third-party contractors and stated that the incident had not affected Aramco’s operations.
A threat actor group known as ZeroX claims the data was stolen by hacking Aramco’s “network and its servers,” sometime in 2020.
The files in the dump are as recent as 2020, with some dating back to 1993, according to the group.
Even though the group did not specify how they gained access to the systems, they called it “zero-day exploitation.”
To attract prospective buyers, a small sample set of Aramco’s blueprints and proprietary documents with redacted PII was first posted on a data breach marketplace forum in June this year.
However, at the time of initial posting, the .onion leak site had a countdown timer set to 662 hours, or about 28 days, after which the sale and negotiations would begin.
According to the group, the 1 TB dump includes documents pertaining to Saudi Aramco’s refineries located in multiple Saudi Arabian cities, including Yanbu, Jazan, Jeddah, Ras Tanura, Riyadh, and Dhahran.
Some of this data includes:
- Full information on 14,254 employees: name, photo, passport copy, email, phone number, residence permit (Iqama card) number, job title, ID numbers, family information, etc.
- Project specification for systems related to/including electrical/power, architectural, engineering, civil, construction management, environmental, machinery, vessels, telecom, etc.
- Internal analysis reports, agreements, letters, pricing sheets, etc.
- Network layout mapping out the IP addresses, SCADA points, Wi-Fi access points, IP cameras, and IoT devices.
- Location map and precise coordinates.
- List of Aramco’s clients, along with invoices and contracts.
The samples released by ZeroX on the leak site have personally identifiable information (PII) redacted, and a 1 GB sample alone costs US$2,000, paid as Monero (XMR).
A party requesting an exclusive, one-off sale is expected to pay a whopping US$50 million.
Even though there has been some speculation labeling this incident a “ransomware attack,” both the threat actor and Saudi Aramco have confirmed that this is not a ransomware incident.