In 2012, threat actors wiped data from approximately thirty-five thousand computers belonging to Saudi Aramco, one of the world’s largest oil companies. Malware called Shamoon stole passwords, wiped data, and prevented computers from rebooting. Hackers calling themselves the “Cutting Sword of Justice” claimed responsibility for the incident, asserting they were retaliating against the al-Saud regime for what the group called widespread crimes against humanity. U.S. intelligence sources have attributed the attack to Iran. Less than two weeks after the Aramco incident, the Qatari gas giant RasGas was also knocked offline by suspected state-sponsored  attackers. 

The Saudi Aramco incident signaled Iran’s growing cyber capabilities and Tehran’s willingness to use them to promote its interests, particularly in its battle of influence in the Middle East with Saudi Arabia. At the time, some countries had the capability to remotely destroy computer data, but there were few publicly known instances of a country using them, and Iran may have been responding to a previous attack against the Iranian Oil Ministry and the National Iranian Oil Company that used a malware called Wiper.