Saudi Aramco officials tried to downplay the severity of the attack. However, it disabled 30,000 workstations and took ten days to recover from. That is a serious attack. No telling how much data it destroyed or how much data it stole.
According to researchers, the malware also has the capacity to extract information from compromised [computers] before uploading it to the internet.
Core router names and admin passwords along with email address and supposed password of Saudi Aramco chief exec, Khalid A Al-Falih, were uploaded to Pastebin on Monday.
This is not hacker kiddies but a well-planned and executed attack intended to search, destroy, and disrupt.