{"id":11157,"date":"2012-08-16T00:00:00","date_gmt":"2012-08-16T00:00:00","guid":{"rendered":"http:\/\/localhost\/cyber-operations\/compromise-of-saudi-aramco-and-rasgas\/"},"modified":"2012-08-16T00:00:00","modified_gmt":"2012-08-16T00:00:00","slug":"compromise-of-saudi-aramco-and-rasgas","status":"publish","type":"post","link":"https:\/\/www.cfr.org\/cyber-operations\/compromise-of-saudi-aramco-and-rasgas","title":{"rendered":"Compromise of Saudi Aramco and RasGas"},"content":{"rendered":"<p>In 2012, threat actors wiped data from approximately <a href=\"http:\/\/money.cnn.com\/2015\/08\/05\/technology\/aramco-hack\/\">thirty-five thousand computers<\/a> belonging to Saudi Aramco, one of the world\u2019s largest oil companies. <a href=\"http:\/\/www.computerworld.com\/article\/2491501\/malware-vulnerabilities\/kill-timer-found-in-shamoon-malware-suggests-possible-connection-to-saudi-ar.html\">Malware called Shamoon<\/a> stole passwords, wiped data, and prevented computers from rebooting. Hackers calling themselves the &#8220;Cutting Sword of Justice&#8221; claimed responsibility for the incident, asserting they were retaliating against the al-Saud regime for what the group called widespread crimes against humanity. U.S. intelligence sources have <a href=\"http:\/\/www.nytimes.com\/2012\/10\/24\/business\/global\/cyberattack-on-saudi-oil-firm-disquiets-us.html\">attributed the attack<\/a> to Iran. Less than two weeks after the Aramco incident, <a href=\"http:\/\/www.theregister.co.uk\/2012\/08\/30\/rasgas_malware_outbreak\/\">the Qatari gas giant RasGas<\/a> was also knocked offline by suspected state-sponsored attackers.<\/p>\n<p>The Saudi Aramco incident signaled Iran\u2019s growing cyber capabilities and Tehran\u2019s willingness to use them to promote its interests, particularly in its battle of influence in the Middle East with Saudi Arabia. 
At the time, some countries had the capability to remotely destroy computer data, but there were few publicly known instances of a country using it. Iran may have been responding to a previous attack against the Iranian Oil Ministry and the National Iranian Oil Company that used <a href=\"http:\/\/supchina.com\/2016\/06\/22\/book-excerpt-hacked-world-order-adam-segal\/\">malware called Wiper<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In 2012, threat actors wiped data from approximately thirty-five thousand computers belonging to Saudi Aramco, one of the world\u2019s largest oil companies. Malware called Shamoon stole passwords, wiped data, and prevented computers from rebooting. Hackers calling themselves the &#8220;Cutting Sword of Justice&#8221; claimed responsibility for the incident, asserting they were retaliating against the al-Saud regime [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_cloudinary_featured_overwrite":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2],"tags":[],"cyber_operation":[38],"state_sponsor":[76],"victim_category":[138],"victim_government_response":[194],"victim":[145],"class_list":["post-11157","post","type-post","status-publish","format-standard","hentry","category-incident","cyber_operation-data-destruction","state_sponsor-iran-islamic-republic-of","victim_category-private-sector","victim_government_response-yes","victim-saudi-arabia"],"acf":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/posts\/11157","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/types\/post"}],"author":[{"emb
eddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/comments?post=11157"}],"version-history":[{"count":0,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/posts\/11157\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/media?parent=11157"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/categories?post=11157"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/tags?post=11157"},{"taxonomy":"cyber_operation","embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/cyber_operation?post=11157"},{"taxonomy":"state_sponsor","embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/state_sponsor?post=11157"},{"taxonomy":"victim_category","embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/victim_category?post=11157"},{"taxonomy":"victim_government_response","embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/victim_government_response?post=11157"},{"taxonomy":"victim","embeddable":true,"href":"https:\/\/www.cfr.org\/cyber-operations\/wp-json\/wp\/v2\/victim?post=11157"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}