The threat actors are offering Saudi Aramco’s data starting at a negotiable price of $5 million.
Saudi Aramco has pinned this data incident on third-party contractors and tells BleepingComputer that the incident had no impact on Aramco’s operations.
“Zero-day exploitation” used to breach network
This month, a threat actor group known as ZeroX is offering 1 TB of proprietary data belonging to Saudi Aramco for sale.
ZeroX claims the data was stolen by hacking Aramco’s “network and its servers,” sometime in 2020.
As such, the files in the dump are as recent as 2020, with some dating back to 1993, according to the group.
When asked by BleepingComputer as to what method was used to gain access to the systems, the group did not explicitly spell out the vulnerability but instead called it “zero-day exploitation.”
To create traction among prospective buyers, a small sample set of Aramco’s blueprints and proprietary documents with redacted PII were first posted on a data breach marketplace forum in June this year:
However, at the time of initial posting, the .onion leak site had a countdown timer set to 662 hours, or about 28 days, after which the sale and negotiations would begin.
ZeroX told BleepingComputer that the choice of “662 hours,” was intentional and a “puzzle” for Saudi Aramco to solve, but the exact reason behind the choice remains unclear:
The group says that the 1 TB dump includes documents pertaining to Saudi Aramco’s refineries located in multiple Saudi Arabian cities, including Yanbu, Jazan, Jeddah, Ras Tanura, Riyadh, and Dhahran.
And, that some of this data includes:
- Full information on 14,254 employees: name, photo, passport copy, email, phone number, residence permit (Iqama card) number, job title, ID numbers, family information, etc.
- Project specification for systems related to/including electrical/power, architectural, engineering, civil, construction management, environmental, machinery, vessels, telecom, etc.
- Internal analysis reports, agreements, letters, pricing sheets, etc.
- Network layout mapping out the IP addresses, Scada points, Wi-Fi access points, IP cameras, and IoT devices.
- Location map and precise coordinates.
- List of Aramco’s clients, along with invoices and contracts.