• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer
  • Jobs
  • Career
    • Cyber Security Training
    • Work from Home
    • Cyber Security Analyst
    • Remote Work – Six Ways to Keep Your Data Safe When Working Remotely
  • Field Guide
  • Newsletter Signup
  • Deals
  • News
AskCyberSecurity.com

AskCyberSecurity.com

Cyber Security News & Information

  • Home
  • Data Privacy
    • Gamers
    • Government Cyber Security
      • Legislation
      • Standards
        • What are the risks of computer security?
        • Medical Cyber Security
    • Social Media
  • Security
    • Data Breaches
    • Scams
    • Malware
  • Software
    • Apps
    • Web Browsers
  • Glossary
    • Cyber Security Acronyms
  • About Ask Cyber Security
    • Authors
    • Contact Us
  • VPN
    • How Do I Know If My VPN is Working?
    • Best Free VPN iPhone
    • Why Use a VPN?
    • NordVPN vs IPVanish
    • Private Internet Access Download
    • Best VPN for Streaming
      • TikTok VPN
    • VPN Porn
    • Computer Security Software – What You Really Need
  • Tutorials
  • ChatGPT
    • Does ChatGPT Save Data?
AskCyber Home » News » News » Saudi Aramco Data Leak Traced to Supplier Attack

Saudi Aramco Data Leak Traced to Supplier Attack

2021-07-24 by Grace Choi

Saudi Aramco Data Leak

Oil and Natural Gas Firm Faces Ransom Demand From Extortionists

Saudi Arabian Oil Company faces a ransom demand of $50 million from extortionists after a data leak of corporate data. According to the oil and natural gas firm, corporate data was leaked after attackers breached one of its suppliers. The attacker is demanding the ransom in the form of Monero cryptocurrency.

Leaked Data Includes Information Relating To 14,000 Employees

Although Saudi Aramco’s internal IT systems were not affected, their supplier’s leaked data included information related to about 14,000 employees.

Leaked information includes:

  • Passport details
  • Phone numbers
  • Identification numbers
  • Invoices
  • Contracts
  • Client data
  • Documentation about Saudi Aramco’s network

Compromised employer information can be used in future cyberattacks. for example, cybercriminals attempt to find out which employees have access to human resources information or financial account. your taters may launch future cyber attacks using fake invoices that impersonate vendors. the goal is to trick someone with the ability to make payments into thinking they are paying a legitimate invoice.

Cybercriminals also engage in cyber espionage I may work at the behest of other governments.

According to the oil giant, Saudi Aramco’s internal IT systems were not affected by the breach. Unlike the recent attack on Colonial Pipeline, the one on the Saudi Arabian company did not affect its oil and gas operations.

“Aramco recently became aware of the indirect release of a limited amount of company data which was held by third-party contractors…” a Saudi Aramco representative told Information Security Media Group.

“We confirm that the release of data was not due to breach of our systems, has no impact on our operations and the company continues to maintain a robust cybersecurity posture.”

Carte blanch access means contractors may complete freedom to act as they wish or presume best. This sometimes does not include acting with information security best practices. When it comes to scaling a business and increasing profits, companies often focus on product, sales, and customer service.

Cyber security becomes a second or even last priority to business owners. Many will opt to offload or outsource portions of their operations to third parties, giving them the freedom to operate in the way they deem fit for the situation. One less thing to worry about when operating a large company or service is a welcome notion. However, the risk involved in this approach is proving to be higher as reports are increasing of third-party breaches.

Saudi Aramco has not identified the supplier in question or the intrusion method.

Attacker Zerox296 Claims Responsibility

An attacker going by the name Zerox296 claims to be responsible for the cyberattack on Saudi Aramco.

Zerox296 claims that they were able to exploit a zero-day vulnerability in a cloud storage platform in order to steal 1TB of corporate data. Whether this was the true nature of the exploit is not yet confirmed as no evidence has been provided to support it.

The attacker posted their ransom demand of $50 million in Monero on a ransomware extortion site that was created specifically for this attack using an anonymizing Tor network. Using this network makes the website difficult to trace. The stolen data was advertised on a well-known leak site.

Filed Under: News

Primary Sidebar

Subscribe to Our Free Newsletter

We Don't Share or Sell Your Info

Web Browsers

Where Are My Saved Passwords in Chrome?

Google Removes 70 Malicious Browser Add-ons from Chrome Web Store

Firefox 75 Reports Your Browser Settings to Mozilla

Categories

Cyber Security Field Guide

Computer Security While TravelingGet Our Cyber Security Field Guide - Available on Amazon!

Recent Posts

Security Marketing Manager – Remote

Sr. Associate, Cybersecurity Architect – Pfizer

Strategic Customer Success Manager – Cybersecurity – Opportunity for Working Remotely

Top 20 Passwords Leaked on Dark Web

ISU Cybersecurity Leader Job Opening

Cyber Security News

Top 20 Passwords Leaked on Dark Web

… [Read More...] about Top 20 Passwords Leaked on Dark Web

Apple Warns of Actively Exploited Zero-Day Flaw

… [Read More...] about Apple Warns of Actively Exploited Zero-Day Flaw

IRS Stops Facial Recognition System for Online Access

… [Read More...] about IRS Stops Facial Recognition System for Online Access

National Cybersecurity Alliance Announces Data Privacy Week

… [Read More...] about National Cybersecurity Alliance Announces Data Privacy Week

More Cyber Security News

Tags

amazon Android Apple bitcoin China chrome CISA credit card DarkSide DHS DOJ Equifax Europe Facebook facial recognition FBI Firefox FTC games GDPR Google Government hacker identity theft India iPhone Iran IRS LinkedIn Microsoft North Korea PayPal phishing phishing email ransomware REvil Russia smartphone T-Mobile TikTok tutorial VPN WhatsApp WiFi Windows

Government

CBP Looks to Access Airline Passenger Data

FTC Releases Cyber Threat Video Playlist

Malware Found on US Government Funded Phones

UK NCA Reaches Out to Youth to Deter Cybercrimes

More Posts from this Category

Footer

Menu

  • Home
  • About
  • Authors
  • Newsletter Signup
  • PRIVACY POLICY

Search

Why Use a VPN?

NordVPN vs IPVanish VPN Review

NAVIGATION

  • Data Breaches
  • Data Privacy
  • Gamers
  • Scams
  • Malware

MEMBER NJCCIC

New Jersey Cybersecurity & Communications Integration Cell

STAY CONNECTED

  • Facebook
  • Instagram
  • Pinterest
  • YouTube
  • Twitter
  • RSS

Copyright © 2023 · AskCyberSecurity.com · METRONY, LLC

Go to mobile version