The Italian oil-services company Saipem SpA is still assessing the scope and impact of a cyberattack that targeted its servers in the Middle East, according to the head of digital and innovation.

“We’re keeping the servers down to understand what happened,” Mauro Piasere said by phone Monday. Once that’s clear “we will be able to load the backup.”

The Milan-based company said earlier Monday it had detected a cyberattack and is taking actions to restore normal activities, without giving further details.

Piasere said servers in the Emirates and Saudi Arabia were hit the most, with attackers seeking to obtain administrative data. The only attack in Europe was in Aberdeen, Scotland, where the company employs fewer than 30 people.

It’s still unclear where the attack originated or who was behind it, Piasere said.

There are numerous potential perpetrators.

Read more: Mideast Oil And Gas Sector Needs Readiness Boost As Industrial Cyber Risk Intensifies, Study Reveals

Read more: Protecting Businesses from Cyber Security Threats

“As a significant international oil and gas leader, Saipem is part of one of Italy’s core critical infrastructures, and this positioning attracts a perfect storm of both financially motivated and state-sponsored attackers,” said Stefano Zanero, a professor of computer security at the Italian university Politecnico di Milano.

“Saudi Arabia, and the Middle East in general, is a very sensitive region which could point to either economic espionage, state-sponsored information gathering or even an hacktivism-inspired incident,” Zanero said.