US officials: Cyberattacks on Aramco, RasGas may have come from Iran

The Shamoon virus that is thought to have attacked Saudi oil company Aramco and Qatar’s RasGas weeks later may have been launched by Iran, American intelligence officials have said.

The cyberattack on Aramco was “probably the most destructive attack that the private sector has seen to date,” US Defense Secretary Leon E. Panetta said during a meeting with business leaders last week.

Though Panetta mentioned Iran and cyber warfare in the broadest terms, other officials told media outlets that a connection between Iran and the Shamoon virus definitely existed.

The New York Times reports:

Saudi Arabia is Iran’s main rival in the region and is among the Arab states that have argued privately for the toughest actions against Iran. Aramco, the Saudi state oil company, has been bolstering supplies to customers who can no longer obtain oil from Iran because of Western sanctions…

“His speech laid the dots alongside each other without connecting them,” James A. Lewis, a senior fellow at the Center for Strategic and International Studies, wrote Friday in an essay for ForeignPolicy.com. “Iran has discovered a new way to harass much sooner than expected, and the United States is ill-prepared to deal with it.”

It took weeks for Aramco and RasGas to recover from the virus attack that infected their computer systems, though both assert that gas and oil production were not affected by the infiltration.

Saudi Aramco, which was struck on Aug. 15, eventually threw out some 30,000 computers infected with the virus.

Employees at RasGas, whose website went down after it was infected later that month, had no access to email for weeks as the company struggled to get back online.

Thoughts?

Credit: Photo by Mohammed Al-Meer

Please read our Comments Policy before joining the discussion. By commenting, you agree to abide by it.

Some comments may not be automatically published. This is not action taken by us, but instead, depending on whether or not you have verified your email address, or if your post triggers automatic flags.