Security Research

QNB 1.5 GB Data Leakage (2016)

What did attackers break into?
Attackers broke into the Qatar National Bank's computers, including its internal systems, core banking system, and customer database. They stole a large amount of customer information, as well as core banking system and payment switch data.

How did the attackers break into it?
The attack exploited a SQL injection vulnerability in the bank’s online banking app. This allowed the attackers to get into the bank's internal systems and database. A group called "Bozkurtlar" was able to stay inside the system for a long time (approximately 200 days) without being noticed.

Who was impacted?
Those affected by the data breach included many QNB customers, reporters from Al-Jazeera, some members of the ruling Al-Thani family, and government and defense officials. The attackers leaked a 1.5-gigabyte file that contained private customer information, such as login details and credit card information.

How was it investigated?
The bank launched an internal investigation with third-party cybersecurity experts to assess the scope of the breach and perform a forensic analysis. The bank's public statements were limited to reassuring customers that there was no financial impact on their accounts.





Shamoon Virus Attack (2012)

What did attackers break into?
Attackers broke into the administrative IT systems and computer network of RasGas, which included the company's website and email servers. The systems that control gas production were not affected.

How did the attackers break into it?
The attack used a variant of the Shamoon virus. This malware is designed to spread across a network and then delete data on the computers it infects, leaving them unusable. It seems to have started from one infected computer, possibly from a phishing email, and was set to activate on a certain date.

Who was impacted?
The attack hit RasGas’s internal computer and office systems, which caused the company's website and email servers to go offline. Although the company's IT was affected, its business of producing and supplying gas was not interrupted.

How was it investigated?
The attack on RasGas was part of a larger, coordinated effort. The investigation was connected to the analysis of the Shamoon malware that also hit another company, Saudi Aramco. Different security companies and government officials studied the malware to find out how it worked and where it might have come from. Some believe it was a government-sponsored attack.

