Oil & Gas


Cyberattack Targets Bazan Group’s Digital Infrastructure

January 17, 2024

Anonymous Sudan, a notorious hacking group, has claimed responsibility for a substantial cyberattack on Bazan Group, formerly known as Oil Refineries Ltd, Israel’s primary oil refining and petrochemicals company. The attack targeted the digital infrastructure of Bazan Group, raising concerns about potential implications for Israel’s economic powerhouse. While the hacking collective declared a major cyber offensive, Bazan Group confirmed a temporary and minor connectivity slowdown, emphasizing no damage to business or operational processes.

read more

Ukranian Oil and Gas Company Naftogaz Hit by Cyberattack

January 25, 2024

State-owned critical infrastructure companies in Ukraine fell victim to cyberattacks on Thursday, with the largest oil and gas company, Naftogaz, being among the targets. The cyber assailants targeted Naftogaz’s data center, leading to the complete inactivity of the company’s website and call centers.

As of the latest update, specialists from Naftogaz are actively working to resolve the incident, promising further comments on the nature of the attack. Naftogaz, a cornerstone of Ukraine’s energy industry employing 100,000 people and supplying gas to over 12 million households, faces a critical situation, and the motive and identity of the attackers remain unclear.

read more

Trans-Northern Pipelines (TNPI) Says Able to Contain Ransomware Attack

November 1, 2023

Trans-Northern Pipelines (TNPI) has confirmed its internal network was breached in November 2023 and that it’s now investigating claims of data theft made by the ALPHV/BlackCat ransomware gang.

“Trans-Northern Pipelines Inc. experienced a cybersecurity incident in November 2023 impacting a limited number of internal computer systems,” TNPI Communications Team Lead Lisa Dornan told BleepingComputer. “We have worked with third-party, cybersecurity experts and the incident was quickly contained. We continue to safely operate our pipeline systems.

read more

US Natural Gas Compression Facility Shut Down Entire Pipeline for 2 Days

January 1, 2019

Attackers used spear phishing to gain initial access to the IT network, then pivoted into the OT network due to poor segmentation. Then, they planted ransomware.

The attack did not impact any programmable logic controllers (PLCs) and at no point did the victim lose control of operations. Although the victim’s emergency response plan did not specifically consider cyberattacks, the decision was made to implement a deliberate and controlled shutdown to operations.

read more

Iranian Petrol Stations Hit by Cyberattack

December 18, 2023

Iran has accused a hacking group with alleged ties to Israel of carrying out a cyber attack that resulted in service disruptions at petrol stations throughout the country on Monday. The Israeli hacker group Gonjeshke Darande or Predatory Sparrow also claimed responsibility for hacking Iran’s gas stations. Iran’s oil minister, Javad Owji, confirmed that a cyberattack was responsible for the widespread disruption of petrol stations nationwide, and that services had been disrupted at about 70% of Iran’s petrol stations.

read more

Royal Vopak’s Malaysian Oil Storage Complex Hit by Ransomware Attack

April 24, 2023

Vopak has fallen victim to a ransomware attack in Malaysia by what appears to be the ALPHV Blackcat ransomware group. Vopak informed that its business operations in the Netherlands are not in danger.

“We can confirm that an IT incident has occurred at Pengerang Independent Terminals (PTSB) in Malaysia,” a Vopak spokesperson said. “Unauthorized persons have gained access to our data,” Vopak confirms. “The incident is under investigation and we apologize for any inconvenience caused.” The company remains operational. Critical business information was allegedly stolen, including about the company’s fuel infrastructure and systems.

read more

Bartec Top Holding Announces Data Breach

November 10, 2023

Bartec TOP HOLDING Gmbh disclosed cyber incident on their website: “In the past days, an unauthorized data access attempt was undertaken on parts of BARTEC’s IT infrastructure. This attempt was largely prevented by our own security systems. We immediately checked our existing IT infrastructure and have not identified any new attempts at unauthorized data access since then.”

The attack was claimed by Hunters International Ransomware Group.

read more

Chinese Identified Hackers Targeting Hawaii Water Utilities and unidentified Oil & Gas Pipeline in US

December 11, 2023

Chinese hackers are positioning themselves inside critical US infrastructure by targeting careless office workers in a bid to cause ‘societal chaos’ from within should war break out.
Beijing’s military have burrowed into more than 20 major suppliers in the last year alone including a water utility in Hawaii, a major West Coast port and at least one oil and gas pipeline, analysts have revealed. They have bypassed elaborate cyber security systems by intercepting passwords and log-ins unguarded by junior employees, leaving China ‘sitting on a stockpile of strategic’ vulnerabilities.

“It is very clear that Chinese attempts to compromise critical infrastructure are in part to pre-position themselves to be able to disrupt or destroy that critical infrastructure in the event of a conflict” stated Brandon Wales, executive director of the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA).

As a result of these cyber concerns, the Biden administration introduced mandatory regulations for industries in the oil and gas pipeline sector in summer 2021. Additionally, the Environmental Protection Agency introduced a directive for states to disclose cyber threats within their public water system evaluations in March. After that, three states filed lawsuits against the administration, alleging excessive regulatory control.

read more

Data Breach at Nigerian Oil and Gas Sector

January 2, 2023

An unknown threat actor has targeted the Nigerian Oil & Gas Industry Content Joint Qualification System (NOGIC JQS) and posted its data on the hacker forum with sample images revealing lists of files, including backups and MySQL data. The NOGIC JQS website offers services such as registration of contractors in the Nigerian oil and gas industry, marine vessel registration, verification, databases for national skill development, categorization of marine support vendors, expatriate quota application management, tenders management, etc. This points towards the severity of the hacking and leaking of sensitive and critical data.

Currently, the Nigerian Oil & Gas Industry Content Joint Qualification System (NOGIC) JQS portal is inaccessible and “under maintenance”. The website (nogicjqs.gov.ng) states that the application is undergoing updates.

The Nigerian oil and gas industry has been in the news over the oil theft controversy, price increase, and discovery of oil slicks in the Escravos river. As per reports, Nigeria is Africa’s primary oil provider and adds 1.2 million barrels of oil daily.

read more

2020 Phishing Email Cost UK Interserve more than £11M

May 8, 2020

Hackers stole sensitive details on 100,000 people from an outsourcing company named Interserve. The Phishing campaign attackers are unknown and the company offered no additional information. The data stolen is sensitive, including employee names and their addresses, bank details, payroll information, HR records, pension information and much more.

Update August 2023: The Information Commissioner fined Interserve £4.4m in autumn 2022. Interserve was once a FTSE 250 firm but has largely been broken up after collapsing into administration four years ago. Its latest accounts reveal that it spent £7m on ‘professional adviser fees’ following the attack.

read more