OT Pipeline Attack Shuts Down Compression Facility

February 15, 2021

INCIDENT

A cyberattack hit the control and communication assets on the operational technology (OT) network of a natural gas compression facility forcing it to shut down for two days.
An attacker used a spearphishing link to obtain initial access to the organization’s information technology (IT) network before pivoting to its OT network, according to a report from Cybersecurity and Infrastructure Security Agency (CISA). The attacker then deployed commodity ransomware to encrypt data for impact on both networks. Specific assets experiencing a loss of availability on the OT network included human machine interfaces (HMIs), data historians, and polling servers.

Incident Date

February 18, 2020

Estimated Cost

Unknown

Type of Malware

No Malware identified

Threat Source

No threat source identified