Root-cause analysis not yet published. The incident description below contains all currently available signal — review the attack transaction directly for definitive forensics.
A blackmailer with an ID of ZeroX is suspected of using a 0day vulnerability attack to steal 1TB of Saudi Aramco's corporate data resources. According to the ID's post on the dark web forum, the data leaked this time involves the complete information of 14,254 employees, internal analysis reports, pricing tables, refinery locations, enterprise-related system project specifications, and the most important customer data, etc. Sensitive information, the earliest data range can be traced back to 1993, spanning 28 years. The blackmailer gave Saudi Aramco a validity period of 662 hours (approximately 28 days) and demanded to pay 50 million U.S. dollars in Monero or sell it for 5 million U.S. dollars. This has also become a large-scale data breach after Saudi Aramco was hacked in 2012, 35,000 computers were affected, and 75% of the company’s computer data was deleted. Attack method (per SlowMist): Information Leakage. Reported loss: -.
- chain
- —
- protocol
- Saudi Aramco
- bug_class
- unknown
- date_occurred
- 2021-07-04
- loss_usd
- —
- source_id
- sm:saudi-aramco::2021-07-04