Saudi Arabian oil giant Aramco, the world’s biggest, has been targeted by malicious code in a cyber attack that marks a first, with some suggesting Iran is behind the assault.
The attack was first described by the computer security firm FireEye in a blog post last week, which did not name the victim of the attack. However, Foreign Policy obtained a copy of a confidential report authored by Area 1 Security, a computer security firm founded by veterans of the U.S. National Security Agency, and it identifies Aramco as the victim of the attack.
Here’s the ‘first’: The malware targeted the computer systems designed to prevent a disaster at an industrial facility.
The company denied the attack occurred.
“Saudi Aramco corporate and plants networks were not part of any cyber security attack or breach,” the company said.
Area 1’s assessment of the attack on Aramco identifies Iran as the likely perpetrator, but other computer security experts who have examined the incident caution against prematurely assigning responsibility.
“This is probably one of the most difficult attribution cases that I’ve ever looked at,” said one former American intelligence official familiar with the incident.
The malware was identified as Triton and, according to FireEye, was largely unsuccessful. The cyber security firm said that Triton attacked a safety system known as Triconex, which is made by Schneider Electric, a German company. The safety system is used globally and provides an emergency shutdown function.
Information in this article helps satisfy Priority Intelligence Requirement 2: What is the current situation report and risk of war in each of the four flashpoints?