Oil & Gas


Trans-Northern Pipelines (TNPI) Says Able to Contain Ransomware Attack

November 1, 2023

Trans-Northern Pipelines (TNPI) has confirmed its internal network was breached in November 2023 and that it’s now investigating claims of data theft made by the ALPHV/BlackCat ransomware gang.

“Trans-Northern Pipelines Inc. experienced a cybersecurity incident in November 2023 impacting a limited number of internal computer systems,” TNPI Communications Team Lead Lisa Dornan told BleepingComputer. “We have worked with third-party, cybersecurity experts and the incident was quickly contained. We continue to safely operate our pipeline systems.

read more

US Natural Gas Compression Facility Shut Down Entire Pipeline for 2 Days

January 1, 2019

Attackers used spear phishing to gain initial access to the IT network, then pivoted into the OT network due to poor segmentation. Then, they planted ransomware.

The attack did not impact any programmable logic controllers (PLCs) and at no point did the victim lose control of operations. Although the victim’s emergency response plan did not specifically consider cyberattacks, the decision was made to implement a deliberate and controlled shutdown to operations.

read more

Iranian Petrol Stations Hit by Cyberattack

December 18, 2023

Iran has accused a hacking group with alleged ties to Israel of carrying out a cyber attack that resulted in service disruptions at petrol stations throughout the country on Monday. The Israeli hacker group Gonjeshke Darande or Predatory Sparrow also claimed responsibility for hacking Iran’s gas stations. Iran’s oil minister, Javad Owji, confirmed that a cyberattack was responsible for the widespread disruption of petrol stations nationwide, and that services had been disrupted at about 70% of Iran’s petrol stations.

read more

Royal Vopak’s Malaysian Oil Storage Complex Hit by Ransomware Attack

April 24, 2023

Vopak has fallen victim to a ransomware attack in Malaysia by what appears to be the ALPHV Blackcat ransomware group. Vopak informed that its business operations in the Netherlands are not in danger.

“We can confirm that an IT incident has occurred at Pengerang Independent Terminals (PTSB) in Malaysia,” a Vopak spokesperson said. “Unauthorized persons have gained access to our data,” Vopak confirms. “The incident is under investigation and we apologize for any inconvenience caused.” The company remains operational. Critical business information was allegedly stolen, including about the company’s fuel infrastructure and systems.

read more

Bartec Top Holding Announces Data Breach

November 10, 2023

Bartec TOP HOLDING Gmbh disclosed cyber incident on their website: “In the past days, an unauthorized data access attempt was undertaken on parts of BARTEC’s IT infrastructure. This attempt was largely prevented by our own security systems. We immediately checked our existing IT infrastructure and have not identified any new attempts at unauthorized data access since then.”

The attack was claimed by Hunters International Ransomware Group.

read more

Chinese Identified Hackers Targeting Hawaii Water Utilities and unidentified Oil & Gas Pipeline in US

December 11, 2023

Chinese hackers are positioning themselves inside critical US infrastructure by targeting careless office workers in a bid to cause ‘societal chaos’ from within should war break out.
Beijing’s military have burrowed into more than 20 major suppliers in the last year alone including a water utility in Hawaii, a major West Coast port and at least one oil and gas pipeline, analysts have revealed. They have bypassed elaborate cyber security systems by intercepting passwords and log-ins unguarded by junior employees, leaving China ‘sitting on a stockpile of strategic’ vulnerabilities.

“It is very clear that Chinese attempts to compromise critical infrastructure are in part to pre-position themselves to be able to disrupt or destroy that critical infrastructure in the event of a conflict” stated Brandon Wales, executive director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).

As a result of these cyber concerns, the Biden administration introduced mandatory regulations for industries in the oil and gas pipeline sector in summer 2021. Additionally, the Environmental Protection Agency introduced a directive for states to disclose cyber threats within their public water system evaluations in March. After that, three states filed lawsuits against the administration, alleging excessive regulatory control.

read more

Data Breach at Nigerian Oil and Gas Sector

January 2, 2023

An unknown threat actor has targeted the Nigerian Oil & Gas Industry Content Joint Qualification System (NOGIC JQS) and posted its data on the hacker forum with sample images revealing lists of files, including backups and MySQL data. The NOGIC JQS website offers services such as registration of contractors in the Nigerian oil and gas industry, marine vessel registration, verification, databases for national skill development, categorization of marine support vendors, expatriate quota application management, tenders management, etc. This points towards the severity of the hacking and leaking of sensitive and critical data.

Currently, the Nigerian Oil & Gas Industry Content Joint Qualification System (NOGIC) JQS portal is inaccessible and “under maintenance”. The website (nogicjqs.gov.ng) states that the application is undergoing updates.

The Nigerian oil and gas industry has been in the news over the oil theft controversy, price increase, and discovery of oil slicks in the Escravos river. As per reports, Nigeria is Africa’s primary oil provider and adds 1.2 million barrels of oil daily.

read more

2020 Phishing Email Cost UK Interserve more than £11M

May 8, 2020

Hackers stole sensitive details on 100,000 people from an outsourcing company named Interserve. The Phishing campaign attackers are unknown and the company offered no additional information. The data stolen is sensitive, including employee names and their addresses, bank details, payroll information, HR records, pension information and much more.

Update August 2023: The Information Commissioner fined Interserve £4.4m in autumn 2022. Interserve was once a FTSE 250 firm but has largely been broken up after collapsing into administration four years ago. Its latest accounts reveal that it spent £7m on ‘professional adviser fees’ following the attack.

read more

DDoS attack at Israel’s Largest Oil Refinery

July 29, 2023

The website of Israel’s largest oil refinery operator, BAZAN Group, became inaccessible to most parts of the world on Sunday due to a potential cyber attack. The website remained accessible from within Israel, possibly after imposition of a geo-block by BAZAN in an attempt to thwart an ongoing cyber attack. In a Telegram channel, Iranian hacktivist group Cyber Avengers has claimed responsibility and leaked what appear to be screenshots of BAZAN’s SCADA systems. The group states that it breached the petrochemicals giant via an exploit targeting a Check Point firewall at the company.

In a statement to BleepingComputer, a spokesperson for BAZAN has dismissed the leaked materials as “entirely fabricated.” An Iranian hacktivist group called Cyber Avengers, also known as CyberAv3ngers, claim to have compromised BAZAN Group

read more

Suncor Suffers Cyber Attack, Hurts Retail Operations

June 23, 2023

Canada’s leading integrated energy company, Suncor, said Sunday it suffered a cybersecurity incident that is affecting its ability to complete transactions with customers, officials said.
The company said it is taking measures and working with third-party experts to investigate and resolve the situation, and has notified appropriate authorities. At this time, the company said it was not aware of any evidence that customer, supplier or employee data suffered compromised or ended up misused as a result of this situation.
“While we work to resolve the incident, some transactions with customers and suppliers may be impacted,” the company said in a statement.
The issues began on Friday (June 23), when customers reported problems logging into the app and website for Petro-Canada, a gas station chain owned by Suncor.

read more