Researchers at US antivirus firm McAfee say the cyberattacks that have hit Saudi Arabia over the past few months are continuing, revealing new details about an unusually disruptive campaign.
Speaking ahead of the blog post’s publication on Wednesday, McAfee chief scientist Raj Samani said the latest intrusions were very similar to, albeit even worse than, the malicious software that wrecked computers at Saudi Arabia’s state-run oil company in 2012.
“This campaign was a lot bigger,” Samani said. “Way larger in terms of the amount of work that needed to be done.”
It’s a striking claim. The 2012 intrusions against Saudi Aramco and Qatari natural gas company RasGas – data-wiping attacks that wrecked tens of thousands of computers – were among the most serious cyberattacks ever publicly revealed.
At the time, the United States called it “the most destructive attack that the private sector has seen to date”.
Echoing research done by others, McAfee said the most recent wave of attacks drew heavily on the malicious code used in the 2012 intrusions.
McAfee also said that some of the code appears to have been borrowed by a previously known hacking group, Rocket Kitten, and used digital infrastructure also employed in a cyberespionage campaign dubbed OilRig.
US cybersecurity firms have tied both to Iran, with greater or lesser degrees of certainty.
McAfee stopped short of linking any particular actor to the most recent attacks.
Saudi officials and news media have given little detail about the intrusions beyond saying that more than a dozen government agencies and companies were affected, and a government adviser did not immediately return a message seeking comment.
The Iranian embassy in Paris did not immediately return messages.