August 2012 — Shamoon, also known as DistTrack, was a denial of service attack against the Saudi Arabian national oil company Saudi Aramco. The attack, on 15 August 2012, wiped 30,000 to 35,000 disk drives. CNET and the BBC reported that the same malware was used to attack RasGas, a major liquefied natural gas firm in Qatar. Pastebin postings claimed credit for the "Arab Youth Group" and the "Cutting Sword of Justice" protesting the repressive rule of the al-Saud regime, although some suspect Iranian backing. Dark Reading and Symantec had some good early reporting. U.S. Secretary of Defense Leon Panetta described the attack as "the most destructive cyberattack on the private sector to date."
Aramco used its fleet of private aircraft to fly employees directly to factories throughout southeast Asia and buy all the available disk drives, some 50,000, at inflated prices. This temporarily halted shipments to other buyers and drove up prices, meaning that everyone who bought a disk drive or a computer between September 2012 and January 2013 paid a slightly higher price because of the Aramco hack.
September 2012 — A hacker group calling itself the "Izz ad-Din al-Qassam Cyber Fighters" took credit for a series of DDOS attacks against American banks starting in mid to late September. See the New York Times reports on Sep 26 2012 and Sep 27 2012 and CSO Online on Sep 27 2012. Later analysis by Dark Reading and RSA show that the DDOS wasn't the grass-roots uprising it was first portrayed as, but it included serious attackers.Bloomberg story
on Nov 2016
November 2016 — Hackers sponsored by Iran conducted a series of destructive attacks on Saudi Arabian government systems over the last two weeks of November. They used the same Shamoon malware used in 2012, wiping data and the boot blocks from computers, erasing data and rendering the computers unable to boot.
Thousands of comupters at the General Authority of Civil Aviation were wiped. Two other government ministries were attacked.