Hackers have obtained one terabyte of sensitive information in Aramco leak project. They are selling the data on the dark web. Aramco, the renowned Saudi Arabian company in oil industry is one of the biggest petroleum and natural gas corporations across the world.
The oil company recruits over 66,000 people and provides over $230 billion in sales each year. The data is available for a negotiated price of at least $5m, according to the unknown hackers.
Third-party contractor had the main role in the Aramco leak, according to the company officials. They also claim that the breach had no effect on the business performance.
A security threat organisation, ZeroX, provided the startling offer of 1 TB of Aramco’s confidential data. ZeroX says the Aramco leak realized last year in a complex operation targeting its “network and servers.”
Based on ZeroX, the data on the release is fresh while some parts of the files date back to 28 years ago. The team did not specify the foibles utilized in Aramco leak and sufficed to referring to it as “zero-day exploitation.”
A slight part of Aramco’s blueprints and confidential papers were originally placed on a data breach trade platform last month. The publishing of papers with hidden PII aimed at marketing and encouraging potential clients.
.Onion breach site featured a stopwatch set to 662 hours, less than a month, at the point of disclosure publication. The sale process and talks would commence after the time runs up. The decision about “662 hours” was not accidental according to ZeroX. It was a “mystery” for Saudi Arabia and Aramco to solve, although the specific rationale for the pick remains unknown.
The vulnerability of the Saudi infrastructure and sensitive sectors hit the local headlines during the past days. The utility of the data, obtained in Aramco leak, against the strategic facilities may lead to catastrophic consequences.
Multiple parties in the region need the data to proceed with their political and security agenda. Houthi movement will certainly track the data. The group has waged multiple drone attacks against Aramco facilities during the past years.
The Aramco leak Data
The 1 TB dump, according to ZeroX, contains documents related to Aramco refine facilities in several cities across Saudi Arabia. Riyadh, Jeddah, Yanbu, Dhahran, Jazan, and Ras Tanura are in the list of cities whose refinery documents are on sale by the hackers.
The data also includes personal information and data of more than 14,254 workers. Name, picture, passport, email, number, residency permit number, occupation, ID numbers, and familial details are among the information.
ZeroX also gained access to documents on business plan, accords, correspondence, price sheets, and so forth. the 1 TB-data also contains IP addresses, Wi-Fi access points, IP cameras (digital cameras with access to IP), and IoT equipment.
The list also extends to sensitive data like details of the structure of managements in power, architecture, engineering, and construction. Environment policies, mechanical specifications, vessels, and telecommunications didn’t remain safe either.
Aramco leak also divulged data about marketing, clients, lawyers, and third party agents. The group removed the “personally identifiable information” (PII) from samples on the .onion in the dark web.
The operation is not a “ransomware assault,” despite certain reports revolving around the web. Both parties to the Aramco leak, the ZeroX and the Aramco officials, rejected such a theory.
“Aramco recently became aware of the indirect release of a limited amount of company data which was held by third party contractors,” Aramco stressed in a statement.
9 years ago, another major data leak affected Saudi Aramco’s networks resulting in the deletion of over 30,000 computer hard discs. The “Shamoon virus” was used in an electronic warfare that was reportedly related to Iran. Saudi Arabia, nevertheless, refrained from alleging a special country or party in 2021 Aramco leak.