MILAN/NEW YORK (Reuters) – A hack on Italian oil services firm Saipem that crippled more than 300 of the company’s computers used a variant of the notorious Shamoon virus, Saipem said, a development that links the case to a massive attack in 2012 on Saudi Aramco.
“The cyber attack hit servers based in the Middle East, India, Aberdeen and in a limited way Italy through a variant of Shamoon malware,” the company said in a statement on Wednesday.
Work is under way “in a gradual and controlled manner” to fully restore operations after the attack, it said.
The Shamoon virus was used in some of the most damaging cyber attacks in history, starting in 2012 when it crippled tens of thousands of computers at Saudi Aramco and RasGas Co Ltd in the Middle East – attacks that cybersecurity researchers said were conducted on behalf of Iran.
Saudi Aramco is Saipem’s biggest customer.
The attack crippled between 300 and 400 servers and up to 100 personal computers out of a total of about 4,000 Saipem machines, the company’s head of digital and innovation, Mauro Piasere, told Reuters.
No data will be lost because the company had backed up the affected computers, he said. The company said it first identified the attack on Monday.
Mr Piasere said the company does not know who was responsible for the attack.
However, Adam Meyers, vice president with US cybersecurity firm CrowdStrike, said he believed Iran was responsible because early technical analysis of the new Shamoon variant showed similarities to the 2012 campaign.
Shamoon disables computers by overwriting a file known as the master boot record, making it impossible for devices to start up. Former US Defense Secretary Leon Panetta has said the 2012 hack of Saudi Aramco was probably the most destructive cyber attack on a private business.