Saudi Aramco ‘Data Breach’ not a ransomware attack: ZeroX group used 0Day exploit on third-party servers to grab 1TB data now available on Dark Web

Not a ransomware attack. Pic credit: PROZach Boumeester/Flickr

The Saudi Arabian Oil Company, or Saudi Aramco, has suffered a significant data breach. However, the attackers do not appear to have compromised the company’s own secured networks.

Saudi Aramco has confirmed that it was the victim of a data breach but added that its servers and databases remain secure. The attackers appear to have compromised the networks of “third-party contractors” to collect 1 TB of sensitive information.

How did the hackers get hold of 1 TB of confidential Saudi Aramco information?

With the rapid increase in ransomware attacks, earlier reports suggested that Saudi Aramco may have been a ransomware victim as well. However, the world’s leading public petroleum and natural gas company has confirmed that its networks are secure and that no ransomware was involved.

Simply put, the hackers did not breach Saudi Aramco’s own servers. A threat actor group known as ZeroX has claimed responsibility for the theft and is offering 1 TB of proprietary data belonging to Saudi Aramco for sale.

ZeroX claims it obtained the data by hacking Aramco’s “network and its servers” sometime in 2020, a claim that conflicts with Aramco’s own statement that the data came from third-party contractors. According to the group, the leaked information dates from 1993 through 2020.

The group reportedly used “zero-day exploitation” to gain unauthorized entry but has not offered any further detail on the vulnerability or the systems affected. A small sample set of Aramco blueprints and proprietary documents, with redacted PII (Personally Identifiable Information), is available for scrutiny on the Dark Web.

Saudi Aramco 1 TB data dump contains a lot of Personally Identifiable Information:

Although Saudi Aramco’s servers remain secure, the company will surely be concerned about the contents of the leak. The group claims the 1 TB data dump includes PII and documents pertaining to Saudi Aramco’s refineries in multiple Saudi Arabian cities, including Yanbu, Jazan, Jeddah, Ras Tanura, Riyadh, and Dhahran:

  • Full information on 14,254 employees: name, photo, passport copy, email, phone number, residence permit (Iqama card) number, job title, ID numbers, family information, etc.
  • Project specifications for systems including electrical/power, architectural, engineering, civil, construction management, environmental, machinery, vessels, telecom, etc.
  • Internal analysis reports, agreements, letters, pricing sheets, etc.
  • Network layout mapping out IP addresses, SCADA points, Wi-Fi access points, IP cameras, and IoT devices.
  • Location maps and precise coordinates.
  • List of Aramco’s clients, along with invoices and contracts.

The group considers the data valuable enough that prospective buyers must pay $2,000 just to access the sample for perusal. ZeroX is demanding payment in Monero (XMR), a privacy-focused cryptocurrency. Interested parties who want the entire data dump must pay $5 million (negotiable).

In what amounts to a thinly veiled ransom demand, ZeroX has also put forth an exclusive offer: any party that wants exclusive access, with complete deletion of the data on ZeroX’s end, must pay $50 million.

1 Comment
5 months ago

The whole data is now for 2M.
