A computer virus known as a wiper had been interfering with the ministry’s internal network, removing files from hard drives and taking over computers. Insiders suspected Saudi hackers of carrying out the attacks, though there was no evidence.

Four months later, Saudi Aramco, the largest company in the Saudi Arabia, was hit by a virus that erased data on three-quarters of the company’s computers, replacing everything with an image of a burning American flag. American intelligence officials said the real perpetrator was Iran, although they offered no evidence.

Dmitri Alperovitch, the co-founder and chief technology officer of the security firm CrowdStrike, wrote in a blog post on Thursday that the malware was a variant of Shamoon, which was used in the Aramco attack.

Mr. Alperovitch said the motives for the most recent attacks were not clear. He noted, however, that Iran had targeted Saudi Arabia with cyberattacks before, that the two countries have been locked in a sectarian competition for regional dominance for years, and that they are backing opposing sides of the wars in Syria and Yemen.

Iranian intelligence agents used Shamoon in 2012 in retaliation for international sanctions, Mr. Alperovitch said, adding that the latest attacks came just before a meeting in Vienna of the Organization of the Petroleum Exporting Countries, which agreed on Wednesday to cut oil production for the first time in eight years, prompting an immediate rise in oil prices.

Another security firm, Symantec, reported that the breaches had been timed for the evening of Nov. 17, the end of the workweek, which in much of the Muslim world runs from Sunday to Thursday.

“The attackers appear to have done a significant amount of preparatory work,” Symantec reported. “The malware was configured with passwords that appear to have been stolen from the targeted organizations and were likely used to allow the threat to spread across a targeted organization’s network. How the attackers obtained the stolen credentials is unknown.”