A new string of hacking attacks in the Middle East is now targeting gas and oil companies. The most recent attack has hit one of the largest producers of liquefied natural gas in the region, prompting the company to take down its email servers and website. The attack is the second to hit an energy company in the region.
RasGas, a Qatar-based energy company, said that an “unknown virus” targeted the company’s website and email servers, which were quickly taken offline in response. According to company representatives, the company’s operational systems were not affected and production continued as usual. The company exports about 36.3 million tons of liquefied natural gas every year.
The world’s largest oil company, Saudi Aramco, was also targeted about four days previously. Saudi Aramco was forced to take down 30,000 workstations to prevent the malware from spreading and to fix it. Experts think that the malware spread through the network after first gaining entry into one of the networked personal computers. Despite the number of computers taken offline, Saudi Aramco claimed its production was not affected.
Experts have indicated that they are tracking a malware campaign that targets energy companies in the region. Technically a trojan, Shamoon, as researchers have dubbed it, first gains entry into a computer and then wreaks havoc by permanently deleting everything on the hard drive. It also prevents infected machines from restarting. In a blog post, Symantec researchers said that Shamoon, also known as Disttrack, has also hit an unnamed energy company.
Seculert, an Israel-based security company, said that Shamoon’s deleting function is only one of the two stages discovered in the malware. Seculert indicated that the malware is targeting only specific companies in the industry and that wiping hard drives may be only one of the two stages embedded in the software. Seculert speculates that deleting the contents of the hard drive is an effective way to cover the actions of the other stage.
No reports have yet confirmed whether the same malware struck both RasGas and Saudi Aramco.
Researchers have noted, though, that both attacks seem to have caused inconveniences rather than catastrophic events. If this is indeed the case, the real unsung heroes in this campaign are the engineers who promptly took their website and email servers offline, and who had intelligently separated them from the company’s critical energy production and delivery systems.