Attackers have stolen 1 TB of proprietary data belonging to Saudi Aramco and are offering it for sale on the darknet. The Saudi Arabian Oil Company, better known as Saudi Aramco, is one of the largest public petroleum and natural gas companies in the world. The oil giant employs over 66,000 employees and brings in almost $230 billion in annual revenue. The threat actors are offering Saudi Aramco's data starting at a negotiable price of $5 million. Saudi Aramco has pinned this data incident on third-party contractors and tells BleepingComputer that the incident had no impact on Aramco's operations.
This month, a threat actor group known as ZeroX is offering 1 TB of proprietary data belonging to Saudi Aramco for sale. ZeroX claims the data was stolen by hacking Aramco's "network and its servers," sometime in 2020. As such, the files in the dump are as recent as 2020, with some dating back to 1993, according to the group. When asked by BleepingComputer as to what method was used to gain access to the systems, the group did not explicitly spell out the vulnerability but instead called it "zero-day exploitation."
ZeroX shared with BleepingComputer that up until this point, they have been negotiating the sale with five buyers.
[Also Covered By]: GIZMODO [gizmodo.com]