SOCRadar® Cyber Intelligence Inc. | An Inherent Weakness: Critical Infrastructures in Gulf Countries


Apr 28, 2023

One of the most devastating cyberattacks on critical infrastructure was the Colonial Pipeline attack in the United States in May 2021. This attack caused chaos nationwide and was considered a national security threat affecting consumers, airlines, and public transportation. 

The Colonial Pipeline attack demonstrated once again how cyberattacks against the energy industry, and the oil and gas (ONG) industry in particular, can jeopardize critical infrastructure and services, affect social order, or cause widespread damage.

The GCC consists of the wealthiest countries in the Arab region, and its total economy is one of the biggest in the world. As the world’s largest oil and gas exporters, GCC countries have established competitive and digitalized economies.

The oil and gas industry plays an essential role in the prosperity and growth of Gulf Cooperation Council (GCC) countries due to their oil-based economies. Therefore, it is an inevitable target of cyberattacks against GCC countries, which in turn makes these countries a prime target for attacks on the oil and gas industry.

Download our GCC Threat Landscape Report to get more insights on the region’s potential cyber threats.

Significant Attacks on Gulf Countries’ Energy Industry

The ‘Night Dragon’ campaign and the ‘Trojan.Laziok’ malware attacks against the energy industry globally have also seriously affected the GCC countries. In addition, significant cyberattacks have directly targeted the Gulf countries’ ONG industry and critical infrastructures.

Saudi Aramco, one of the world’s largest energy companies, was hit by a disk-wiping malware, Shamoon, in 2012. The attack resulted in the complete or partial destruction of more than 30,000 computers, significantly affecting the company’s supply chain, transportation, and contracts. 

Details about the Shamoon malware (Source: SOCRadar)

The attack not only demonstrated the potential for cyberattacks to cause significant damage to critical infrastructure and industrial control systems, but it also had an impact on global energy markets by causing a temporary drop in oil supply and raising concerns about the potential for cyber attacks to disrupt global supply chains and trade.

In 2012, the RasGas liquefied natural gas (LNG) producing company in Qatar was the target of a wiper malware attack. In August 2017, Triton (a.k.a. Trisis) malware was detected in the industrial control systems of Petro Rabigh, a Saudi petrochemical company.

Triton malware targeting Gulf countries' critical infrastructures (Source: SOCRadar)

Which GCC Critical Infrastructures Are at Risk?

No significant attacks on critical infrastructures in GCC countries were detected within the time scope of this report. However, threat actors focused on ONG and the energy industry pose a significant risk to the ONG industry of the GCC region. The region contains facilities that are attractive to threat actors, such as:

  • Ghawar, one of the largest onshore oil fields globally
  • Safaniyah, the world’s largest offshore oil field
  • Abqaiq, the world’s largest oil processing plant and crude oil stabilization facility, with a capacity of more than 7 million barrels per day (bpd)
  • Ras Tanura, the world’s largest offshore oil export port 

A cyberattack with devastating consequences for the region could adversely affect the global oil market.

On the other hand, renewable natural water resources are scarce in the region, and water desalination is vital to obtain drinking water. Gulf countries host approximately 40% of the world’s total desalination plants. The world’s largest desalination plant, Ras al-Khair, is also in the region. Cyberattacks therefore also pose a risk to Water and Wastewater Systems (WWS) as a critical infrastructure. In addition, WWS depends on the ONG sector as an energy source, so any interruption in ONG will adversely affect the functioning of the water system.

SOCRadar’s GCC Threat Landscape Report investigated various types of cyber incidents that the SOCRadar dark web team relates to GCC in March 2022 and February 2023. We hope to provide insight into what was happening in the cyber threat landscape of GCC countries and their cyber preparedness.