JEDDAH — The cyber attacks that hit Saudi Arabia's oil giant Aramco and Qatari natural gas producer RasGas in August originated outside the Kingdom. Interior Ministry spokesman Maj. Gen. Mansour Al-Turki said at a press conference in Dhahran Sunday that an investigation concluded that an “organized foreign group ... was behind the attacks” and that Aramco employees and contractors were not involved. “It is in the interest of the investigation not to reveal any results,” he told reporters. The cyber attacks used a virus, known as Shamoon, which can spread through networked computers and ultimately wipes out files by overwriting them. The Interior Ministry and Aramco jointly conducted the investigation into the attack that affected some 30,000 of the firm's computers. Abdullah Al-Saadan, head of the Aramco inquiry team, said the August cyber attack on the company's computer network targeted not just the oil giant but the Kingdom's economy as a whole. On Aug. 27, Aramco said it had restored its main internal network after the Aug. 15 attack, which it described as a “malicious virus that originated from external sources.” The state-owned group which runs all of Saudi Arabia's oil production said at the time that its oil exploration and production were unaffected “as they operate on isolated network systems.” Al-Saadan of the Aramco said the attack aimed to stop gas and oil from flowing into local and international markets. He added despite the attacks, the company succeeded in continuing its work. He said the cyber attacks were eventually successful after a month. “The hackers used several methods to hide their location,” he said. They also managed to delete critical files from the computers and damaged machinery, he said. Necessary measures were taken and the company's website was restored in 24 hours despite the continuing attacks on the network until Sept. 13, Al-Saadan said.
