Threat actors are reportedly offering 1 TB of proprietary data stolen from the Saudi Arabian Oil Company on the darknet for a negotiable price of $5m (€4.25m).
The material includes: full information on 14,254 employees, including email address, phone number residence permit number and ID numbers; a list of company clients with invoices and contracts; internal analysis reports; agreements, letters and pricing sheets; and a network layout mapping out IP addresses, Wi-Fi access points, IP cameras and IoT devices, IT sector journal Bleeping Computer reported.
The details included project specification for systems related to electrical power, architecture, engineering, construction management, the environment, machinery, vessels, telecommunications and other areas.
The company, better known as Saudi Aramco, said the data breach occurred at third-party contractors, not through Aramco’s systems directly.
“We confirm that the release of data has no impact on our operations, and the company continues to maintain a robust cyber security posture,” a spokesperson said.
The hackers, known as ZeroX, said they broke into the company’s systems by a zero-day exploitation, Bleeping Computer reported.
Missed PrivSec Global’s livestream experience?
No problem, simply CLICK HERE to access the sessions on demand