Another Mideast energy firm has been infected by malware,
the second in as many weeks, with energy firm RasGas forced to disconnect itself from the Internet as a precautionary measure after an "unknown virus" overcame countermeasures. Natural gas production has thus far not been affected. Both attacks have been intended for data destruction rather than theft, and spread around internal networks by lurking on shared hard drives.
The pair of infections have come following alerts issued by security firms about the Shamoon and Disstrack viruses that specifically target companies in the energy industry. The two affected company has not commented on the the specific virus or parties involved, but insists that production has not been altered as a result of the security breach. Saudi Aramco was struck by a similar attack on
August 16, but has since recovered and purged the virus from its systems.
The first such reported incident was an attack at the National Iranian Oil Company in April, which forced a similar response to isolate the attack. The
virus was detected inside the control systems of the company's Kharg Island oil facility. The virus used for the Iranian attack, W32.Flamer (also referred to as 'Flame') was found in a number of Middle Eastern countries, but has since been remotely altered by its creators to
delete and overwrite itself. The specific vector of attack at Saudi Aramco and RasGas has not yet been determined.