A hack on Italian oil services firm Saipem that crippled more than 300 of the company’s computers used a variant of the notorious Shamoon virus, Saipem said, a development that links the case to a massive attack in 2012 on Saudi Aramco.
“The cyberattack hit servers based in the Middle East, India, Aberdeen, and in a limited way Italy through a variant of Shamoon malware,” the company said in a statement on 12 December.
Work is under way “in a gradual and controlled manner” to fully restore operations after the attack, it said.
The Shamoon virus was used in some of the most damaging cyberattacks in history, starting in 2012 when it crippled tens of thousands of computers at Saudi Aramco and RasGas in the Middle East—attacks that cybersecurity researchers said were conducted on behalf of Iran.
Saudi Aramco is Saipem’s biggest customer.
The attack crippled between 300 and 400 servers and up to 100 personal computers out of a total of about 4,000 Saipem machines, the company’s head of digital and innovation, Mauro Piasere, told Reuters.
No data will be lost because the company had backed up the affected computers, he said. The company said it first identified the attack on 10 December.
Piasere said the company does not know who was responsible for the attack.
However, Adam Meyers, vice president with US cybersecurity firm CrowdStrike, said he believed Iran was responsible because early technical analysis of the new Shamoon variant showed similarities to the 2012 campaign.