State oil producer Saudi Aramco is still repairing damage from a virus which infected thousands of employee computers in mid-August but the control systems and oilfield data are unaffected, sources familiar with the matter said.
Eleven days after the cyber attack , the company was still trying to establish the identity of the attackers, what data had been lost, and whether affected computers could be restored, the sources said. One of Saudi Aramco’s websites, www.aramco.com , which was taken offline soon after the attack, remained down.
Emails sent by Reuters to people within the company bounced back. “Our computer systems were hacked, and this virus appears to be coming from outside and not from someone inside Aramco, but an investigation to find out what happened is still ongoing,” one Saudi source said. “Only personal computers were affected and until now some of these computers aren’t working... This does not include any sensitive information related to production and no damage was done to any of the systems controlling production.” Contacted by Reuters, a spokesman for Saudi Aramco, the world’s largest oil producer, declined to comment. Immediately after the attack, the company announced it had isolated its electronic systems from the outside world to prevent further attacks.
Information technology experts have warned that cyber attacks on countries’ energy infrastructure, whether conducted by hostile governments, militant groups or private “hacktivists” making political points, could disrupt energy supplies. Iran, the target of international economic sanctions on focused on its oil industry over its disputed nuclear programme, has been hit by several cyber attacks in the last few years. In April, a virus targeted Iranian oil ministry and national oil company networks, forcing Iran to disconnect the control systems of oil facilities including Kharg Island, which handles most of the country’s crude exports.