Although a little-known group called the Cutting Sword of Justice has claimed responsibility for last month's cyberattack against Saudi Aramco, it's come to light that the group likely didn't do it on their own.
According to a source close to the forensic investigation, "someone who had inside knowledge and inside privileges within the company" helped the hackers pull off what has been described as one of the most harmful Internet attacks against a single company, Reuters reported.
In Saudi Arabia, open political dissent is not tolerated, Reuters pointed out, making this latest development very unusual.
Saudi Aramco is Saudi Arabia's state-run national oil company. The Arab nation sits atop roughly one-fifth of the world’s oil, whose exports account for 80 to 90 percent of all Saudi revenues and about 40 percent of the country's gross domestic product.
The worm the hackers used, known as Shamoon, did not operate secretly like most malware does, but instead would transmit data to a remote server and then erase it from the infected machine. Shamoon even went so far as to erase the master boot record, rendering the computer completely useless.
After the attack, Saudi Aramco confirmed that it had led to the scrubbing of 30,000 computers and the shutdown of just as many work terminals.
The company's top brass was quick to point out that although the attack had been widespread and disruptive, it had zero impact on oil producing operations. "Not a single drop of oil was lost," Saudi Aramco CEO Khalid Al-Falih said to the Saudi government.
Cutting Sword of Justice described the attack as politically motivated and claims to have stolen company records. Although the hackers have threatened to release corporate secrets, so far no internal Saudi Aramco documents have been released.