Saudi Aramco, Saudi Arabia's national energy company, said on Sunday it had repaired 30,000 workstations infected with a malicious virus earlier this month.
The eighth largest refiner in the world said its main internal networks were affected on 15 August. The computers have now been "cleaned and restored to service," according to a statement. Company employees resumed work on 25 August following the Muslim Eid holidays.
Enterprise systems used for hydrocarbon exploration and product are isolated network systems that were not affected. Production plants, which also have isolated systems, were not affected, Saudi Aramco said. The incident remains under investigation.
A group calling itself the "Cutting Sword of Justice" claimed responsibility for the attacks. The group accused the Saudi Arabian government of supporting "crimes and atrocities" in countries such as Syria and Egypt, according to a post on Pastebin.
Saudi Aramco said it expected further intrusions. "Saudi Aramco is not the only company that became a target for such attempts, and this was not the first nor will it be the last illegal attempt to intrude into our systems, and we will ensure that we will further reinforce our systems with all available means to protect against a recurrence of this type of cyber-attack."