Energy firm Chevron was hit by the Stuxnet, a computer virus reportedly created by the US and Israel to attack Iran's nuclear-enrichment facilities in Natanz.
Chevron general manager of the earth sciences department Mark Koelmel told the Wall Street Journal that the company found the virus in its systems after the malware's existence was first reported in a blog post in July 2010.
"I don't think the US government even realized how far the virus had spread," Koelmel said.
"I think the downside of what they did is going to be far worse than what they actually accomplished,' he said.
Chevron spokesman Morgan Crinklaw was quoted by the Wall Street Journal as saying that: "Chevron was not adversely affected by Stuxnet. We make every effort to protect our data systems from those types of threats."
Stuxnet's devices used in industrial equipment and targeted are made by the firms such as Siemens whose devices were in use at Iran's facility.
Most of the devices have been sold globally and every industrial firm that use these devices, called programmable logic controllers (PLCs) are at risk of being infected.
Saudi Aramco had resumed operating its main internal computer networks after a malicious virus, known as Shamoon, infected about 30,000 of its workstations earlier in August 2012.
In September this year, Qatar-based liquefied natural gas producer RasGas had reported that malware has shut down part of its computer system.