As reported by BleepingComputer, the threat actors behind the breach did not manage to infiltrate the network and systems of the Saudi Arabian Oil Company but rather those of third-party contractors working for the company.
The cybercriminal group known as ZeroX is now selling 1TB of proprietary Saudi Aramco data on an online hacking forum, starting at $5m, though the price is negotiable. The group claims that the data was stolen from the company sometime last year, though some of the files contained in the dump date all the way back to 1993.
BleepingComputer reached out to the threat actors that comprise ZeroX to find out how they gained access to the systems of Saudi Aramco’s third-party contractors. While the group did not name the exact vulnerability that was exploited, they did say it was a zero-day.
The countdown begins
To stoke interest in its upcoming sale, ZeroX posted a small sample set of Saudi Aramco’s data to a data breach marketplace forum back in June. The sample contained blueprints and proprietary documents from the company, with personally identifiable information (PII) redacted.
When the group made its first post, the .onion leak site it used displayed a countdown timer that was set to 662 hours. Once this 28-day-long timer comes to an end, the sale and negotiations for the data will begin. In a statement to BleepingComputer, ZeroX said that it intentionally chose “662 hours” as part of a “puzzle” for Saudi Aramco to solve.
According to ZeroX, the data dump contains full information on 14,254 employees, including their names, photos, passports, emails, phone numbers, residence permit (Iqama card) numbers, job titles, ID numbers, family information and more. It also contains project specifications, internal analysis reports, network layouts, location maps with precise coordinates and a list of Saudi Aramco’s clients.
It’s worth noting that the data breach suffered by Saudi Aramco’s third-party contractors was neither a ransomware attack nor an extortion incident, as ZeroX did not encrypt the company’s systems or demand a ransom in exchange for unlocking its data. Instead, the group is selling off the data for $5m, though it is also open to doing an exclusive, one-off sale in which it provides all of the data and wipes it from its systems for $50m.
We’ll have to wait and see what happens when the countdown timer comes to an end, but Saudi Aramco has said that the data breach has not affected its operations.