Increasingly sophisticated hackers possibly linked to a foreign nation aimed to disrupt key organisations in Saudi Arabia, the US-based cyber security firm McAfee said.
It did not name the possible attacker but US intelligence officials said they suspected a link to the kingdom's regional rival Iran after the Shamoon virus struck the Saudi energy sector in 2012.
Renewed Shamoon campaigns that began late last year attacked a wider range of targets including the public and financial sectors in Saudi Arabia, McAfee said in a blog post dated Tuesday.
The increase in sophistication suggests "the comprehensive operation of a nation-state," it said.
"This campaign was significantly larger, well-planned, and an intentional attempt to disrupt key organisations and the country of Saudi Arabia," McAfee's blog said.
The attackers entered their targets with phishing emails that allowed "reconnaissance" before initiating the strike which McAfee said is ongoing.
In January a senior Saudi telecommunications official was quoted as saying the kingdom's computer security systems are vulnerable to the "Shamoon 2" virus.
Among its reported victims was a division of the labour ministry.
Saudi Arabia and Iran have no diplomatic ties and support opposite sides of regional wars including in Yemen and Syria.