Some of the servers of the Italian oil and gas services company Saipem were hit by a cyber attack early this week.

Saipem has customers in more than 60 countries, including Saudi Arabian oil and gas giant Saudi Aramco. It could be considered a strategic target for a broad range of threat actors.

The attack has been identified out of India on Monday and primarily affected the servers in the Middle East, including Saudi Arabia, the United Arab Emirates, and Kuwait.

Main operating centers in Italy, France and Britain had not been affected.

The attack affected only a limited number of servers in its infrastructure, Saipem said it is working to restore them using backups, a circumstance that could suggest that a ransomware hit the company.

Saipem told Reuters the attack originated in Chennai, India, but the identity of the attackers is unknown.

“The servers involved have been shut down for the time being to assess the scale of the attack,”Saipem’s head of digital and innovation, Mauro Piasere, told Reuters. 

“There has been no loss of data because all our systems have back-ups,” he added.

The Italian oil services company Saipem was hit by a cyber attack, it confirmed the event but has shared a few details about the attack.

“We have no proof of the origins or reasons for the attack, though this is being investigated,” a Saipem spokesperson said via email.

“We are collecting all the elements useful for assessing the impact on our infrastructures and the actions to be taken to restore normal activities,” the firm said in a statement.

At the time it is impossible to attribute the attack, it is not clear is the company faced a targeted attack or if was hit in a broader campaign carried out by threat actors.

We cannot exclude that attackers hit the company to target its business partners too, for example, Saudi Aramco that suffered Shamoon attacks in 2012 and 2016.

Saipem told media it was reporting the incident to the competent authorities.

Pierluigi Paganini