Middle East Servers Targeted in Saipem Cyber-Attack
The attack targeted servers in Saudi Arabia, the United Arab Emirates and Kuwait, while the servers in Italy, France and Britain remain unaffected, according to Saipem’s head of digital and innovation, Mauro Piasere. The attack origination has not yet been determined.
“The servers involved have been shut down for the time being to assess the scale of the attack,” Piasere told Reuters.
Information Security tried to contact Saipem. As of the time of writing this, the company has not responded. The company did share an announcement on its website in which it stated:
“We are collecting all the elements useful for assessing the impact on our infrastructures and the actions to be taken to restore normal activities. We are also in the process of notifying the report of the incident to the competent authorities.”
A small Aberdeen, Scotland, office is the only European site affected by the attack, which has impacted 400 servers that remain down as the company investigates, according to Bloomberg Law.
“It's still too early to tell, but given Saipem's position as a trusted third-party supplier to Saudi Aramco, an educated guess would be that the adversary is the same one that attacked Saudi Aramco in the past – which points to the destructive Shamoon attacks of 2012 and 2016, now widely attributed to Iran," said Phil Neray, VP of industrial cybersecurity at CyberX.
Earlier this year, Saipem announced that it was looking to transition from oil and gas construction to offshore and wind energy, Energy Voice reported. To that end, it has invested $55m into technological innovation, though it is unclear what percentage of that investment is slated for cybersecurity.
Source: Information Security Magazine