US Natural Gas Compression Facility Shut Down Entire Pipeline for 2 Days

February 27, 2024

INCIDENT

Attackers used spear phishing to gain initial access to the IT network, then pivoted into the OT network due to poor segmentation. Then, they planted ransomware.

The attack did not impact any programmable logic controllers (PLCs) and at no point did the victim lose control of operations. Although the victim’s emergency response plan did not specifically consider cyberattacks, the decision was made to implement a deliberate and controlled shutdown to operations.

Incident Date

January 1, 2019

Estimated Cost

Pipeline shutdown for 2 days

Type of Malware

No Malware identified

Threat Source

No threat source identified