A hacking group has released one million records and accounts from banks, government agencies and other sources.
The group, calling itself Team GhostShell posted compromised databases from a Chinese mainframe, a US stock exchange mainframe and access points to three or four Department of Homeland Security servers among other sources.
Security analysts have confirmed that the data released includes at least 30,000 records, with data including credit histories from banks, administrator login information, usernames and passwords and files from content management systems.
Security company Imperva said that a lot of the data appeared to have been taken using SQL injection attacks.
In a statement accompanying the records, Team GhostShell said that the 'Project HellFire' release was its "final form of protest this summer against the banks, politicians and for all the fallen hackers this year".
Case 1:
Saudi Aramco has said that it has restored 30,000 workstations that had been hit by a hack attack.
The oil company said that it had been affected by a malware attack from 'external sources'.
On 15th August Aramco said that it hadcut off external access to its systems following a hack attack, but the company claimed that oil production had not been affected. The company web site is still apparently inaccessible.
"We addressed the threat immediately, and our precautionary procedures, which have been in place to counter such threats, and our multiple protective systems, have helped to mitigate these deplorable cyber threats from spiralling," said Khalid A. Al-Falih, president and CEO, Saudi Aramco.
"Saudi Aramco is not the only company that became a target for such attempts, and this was not the first nor will it be the last illegal attempt to intrude into our systems," said Al-Falih. "We will ensure that we will further reinforce our systems with all available means to protect against a recurrence of this type of cyber-attack."
A previously unknown hacker group, calling itself 'Cutting Sword of Justice' claimed responsibility for the attack, and posted blocks of what they claimed were infected IP addresses on Pastebin.
The group said that the attacks were due to Saudi government support for "crimes and atrocities" in countries including Syria and Egypt, and claimed that oil production had been affected. The group also threatened to attack Saudi Aramco again on 1st September.
The malware in use is believed to have been the Shamoon malware, which came to light on 21st August.
Case 2:
RasGas, the second largest producer of Qatari LNG after Qatar Petroleum, has been hit with an "unknown virus" which has taken the company offline.
A RasGas spokesperson confirmed that "an unknown virus has affected its office systems" since Monday 27th August.
RasGas confirmed the situation by fax yesterday. "RasGas is presently experiencing technical issues with its office computer systems," said the RasGas fax seen by Oil & Gas Middle East, dated 28th August. "We will inform you when our system is back up and running."
Emails to verified addresses at RasGas bounced back with a permanent delivery failure error message. and the RasGas website (www.rasgas.com) is down.
The RasGas spokesman said the virus has "no impact whatsoever on operations in Ras Laffan Industrial City and there are no issues with cargo deliveries."
"Everyone is reporting to work as normal," the spokesman said. "We are working with ICT Qatar to resolve the situation as soon as possible."
The news follows a malware attack against Saudi Aramco on 15th August which forced the world's largest oil company to take down its company-wide office systems for 12 days.
RasGas, a joint venture between QP and ExxonMobil, comprises seven giant LNG process trains in Ras Laffan, Qatar. The company exports 36.3m tonnes a year of LNG, most of which under long-term contracts with customers in Korea, India, Italy, Spain, Belgium, Taiwan, and the Americas.
The company is also responsible for around 10% of global helium production.
No comments:
Post a Comment