OQ (Oman Oil Company): Termite Ransomware Attack
In November 2024, OQ--formerly known as Oman Oil Company--was claimed as a victim by the newly emerged Termite ransomware group.
OQ is a state-owned energy investment company wholly owned by the Government of the Sultanate of Oman, with operations spanning exploration, production, refining, petrochemicals, and renewable energy across 17 countries. termite" file extension.
OQ was among the first five victims publicly claimed by Termite.
KEY FACTS
- .What: Termite ransomware targeted OQ, Oman's state-owned energy company.
- .Who: OQ (formerly Oman Oil Company), operating across 17 countries.
- .Data Exposed: Undisclosed; modified Babuk variant used for double-extortion attack.
- .Outcome: No public breach statement from OQ; PDPL enforcement pending until 2026.
WHAT WAS EXPOSED
- .Specific data exfiltrated has not been publicly disclosed
- .Potentially exposed: employee personal data across 17 countries of operation
- .Operational and technical data related to exploration, production, and refining activities
- .Financial records, joint venture agreements, and investment portfolios
- .Contractor and vendor data from OQ's extensive supply chain
Termite subsequently gained wider attention for its attack on Blue Yonder, a major supply chain management platform whose compromise affected Starbucks and Morrisons.
The incident falls within the Oman PDPL's transition period, with full enforcement scheduled for February 5, 2026.
SOURCES
Symantec Threat Hunter Team, BleepingComputer, The Register, Oman PDPL (Royal Decree 6/2022)