The US believes that Iran was behind an Aug. 15 cyberattack on Saudi Aramco, Saudi Arabia's state-owned oil company and the world's most valuable firm, and that it was retaliation against the US for unleashing the Stuxnet virus on an Iranian nuclear facility in 2010, the New York Times reports. The Aramco attack, one of the most destructive cyberattacks ever, erased data from 75% of the company's corporate computers and replaced it with a picture of an American flag in flames. A hacking group called "Cutting Sword of Justice" took responsibility for the so-called Shamoon virus, claiming to be upset about Saudi policies—but that claim, the flag image, and other clues are probably red herrings, computer researchers say, and the US believes Iran was the true perpetrator, though a company insider is suspected to have been involved.
One component of the virus, the mechanism set to erase data, was called "Wiper." That same name had been given to a similar erasing component of the Flame computer virus that attacked Iranian oil companies earlier this year, which first raised suspicions that Iran might be behind the Aramco attack. The US and Israel, which were behind Stuxnet, are also believed to have been behind Flame. US intelligence officials also think Iran was behind an attack on Qatari natural gas giant RasGas that took place two weeks after the Aramco hacking, as well as attacks last month and this month that disrupted US banking websites. This is a wake-up call, the officials say, proving Iran is more capable and more bold than the US had previously suspected when it comes to cyber warfare. See the Times for an extensive look at the Aramco attack.