State oil producer Saudi Aramco is still repairing damage from a virus which infected thousands of employee computers in mid-August but the control systems and oilfield data are unaffected, sources familiar with the matter said.
Eleven days after the August 15 cyber attack, the company was still trying to establish the identity of the attackers, what data had been lost, and whether affected computers could be restored, the sources said.
One of Saudi Aramco's websites, www.aramco.com, which was taken offline soon after the attack, remained down on Sunday. Emails sent by Reuters to people within the company bounced back.
"Our computer systems were hacked, and this virus appears to be coming from outside and not from someone inside Aramco, but an investigation to find out what happened is still ongoing," one Saudi source said.
"Only personal computers were affected and until now some of these computers aren't working...This does not include any sensitive information related to production and no damage was done to any of the systems controlling production."
Contacted by Reuters on Sunday, a spokesman for Saudi Aramco, the world's largest oil producer, declined to comment. Immediately after the attack, the company announced it had isolated its electronic systems from the outside world to prevent further attacks.
Information technology experts have warned that cyber attacks on countries' energy infrastructure, whether conducted by hostile governments, militant groups or private "hacktivists" making political points, could disrupt energy supplies.
Iran, the target of international economic sanctions on focused on its oil industry over its disputed nuclear programme, has been hit by several cyber attacks in the last few years.
In April, a virus targeted Iranian oil ministry and national oil company networks, forcing Iran to disconnect the control systems of oil facilities including Kharg Island, which handles most of the country's crude exports.
Iran has attributed some of the attacks to the United States, Israel and Britain; current and former US officials told Reuters this year that the United States built the complex Stuxnet computer worm to try to prevent Tehran from completing suspected nuclear weapons work.
An English-language posting on an online bulletin board on August 15, signed by a group called the "Cutting Sword of Justice", claimed the group had launched the attack to destroy 30,000 computers at Saudi Aramco.