updated 12:21 pm EDT, Mon September 3, 2012
Energy production not affected, no estimated time of recovery
Another Mideast energy firm has been infected by malware, the second in as many weeks, with energy firm RasGas forced to disconnect itself from the Internet as a precautionary measure after an "unknown virus" overcame countermeasures. Natural gas production has thus far not been affected. Both attacks have been intended for data destruction rather than theft, and spread around internal networks by lurking on shared hard drives.
The pair of infections have come following alerts issued by security firms about the Shamoon and Disstrack viruses that specifically target companies in the energy industry. The two affected company has not commented on the the specific virus or parties involved, but insists that production has not been altered as a result of the security breach. Saudi Aramco was struck by a similar attack on August 16, but has since recovered and purged the virus from its systems.
The first such reported incident was an attack at the National Iranian Oil Company in April, which forced a similar response to isolate the attack. The virus was detected inside the control systems of the company's Kharg Island oil facility. The virus used for the Iranian attack, W32.Flamer (also referred to as 'Flame') was found in a number of Middle Eastern countries, but has since been remotely altered by its creators to delete and overwrite itself. The specific vector of attack at Saudi Aramco and RasGas has not yet been determined.