Sources close to the investigation claim that their devices have also been identified

Oct 11, 2012 13:11 GMT

Sources close to Saudi Aramco’s investigation into the recent cyberattacks claim that the company has identified the location of the hackers and the devices they utilized in the campaign against the oil giant.

Apparently, Romanian hackers are responsible for the attacks that forced the company to take its public-facing website offline and affected a large part of its networks.

The attacks on Aramco were claimed by at least two different hacker collectives. Also, rumors were floating around about Aramco employees being involved.

However, since the groups were called the Arab Youth Group and the Cutting Sword of Justice, everyone assumed that they most likely resided somewhere in the Middle East or its vicinity.

Sources told the Saudi Gazette that Aramco was able to identify the perpetrators in such a short amount of time because of “the vast capabilities and potentials” it possesses.

“Aramco will not hide behind electronic websites to deny any of its news for it has a highly qualified team and wide network of contacts which it can use to publish its information in the most reputable and prestigious newspapers and news agencies in the world,” the anonymous sources said.

As far as we know, no Romanian hacker collectives have taken credit for the attack. Then again, they might have been silent in order to protect their identities as best as they could.

Another interesting aspect is the piece of malware that was supposedly used against the company. The Shamoon malware doesn’t appear to have anything to do with Romania.

Experts say that it may have been created by America-haters and its name appears to be connected to an institution from Israel. On the other hand, the malware could have been purchased by the attackers from someone else.

Saudi Aramco was breached for the first time on August 15, when the attackers claimed to have “destroyed” around 30,000 machines owned by the company. Then, on August 25, they leaked some information on the networking devices utilized by the company in what appeared to be a second breach.