Germany recently joined the growing list of critical infrastructure cyber events as one of the latest sites to be hit by the trickle-down effects of an attack. When Marquard & Bahls, a logistics group, was targeted by what is believed to have been a ransomware or malware attack, two of its supply affiliates were also impacted. Those suppliers were Oiltanking GmbH and Mabanaft GmbH, which happen to work with Shell Deutschland GmbH. As a result, Shell’s fuel supply within the country was ultimately disrupted. To clarify the flow of issues within this network, CPO Magazine explained, “Together these fuel suppliers make shipments to about 26 companies, which in turn supply thousands of gas stations and other retail sources; the cyber attack threatens the gas supply of nearly 2,000 German Shell stations alone.” While this incident fortunately has not reached German citizens’ essential needs like heating, experts are concerned that it may affect automated tank loading and unloading systems that depend on the vulnerable computer systems. In its investigation of the incident, Germany’s Federal Office for Information Security has labeled it as “serious but not grave.”
However, this is not the only recent disruption to oil and gas infrastructure. A ransomware attack has also disrupted oil terminal operations in Belgium, Germany and the Netherlands. Belgian prosecutors have reportedly started looking into the situation, which has also impacted cargo processes at those terminals, but the full extent of the effects has yet to be uncovered. What has been noted thus far are interruptions to tanker tasks and barge processing.
Although the exact identities of the attackers responsible for these cases have not been confirmed, it is suspected that they could trace back to the BlackCat ransomware group. According to CyberScoop, Palo Alto Networks ranks BlackCat seventh in having targeted the most victims. German intelligence is also considering the possibility that Chinese hacking group APT27 could be involved. While we wait on those details to be sorted out, two things seem pretty safe to assume when examining this situation. One is that critical infrastructure is clearly a growing preference among attackers, and two is that geopolitical affairs make it particularly appealing for state-backed actors.
While perhaps not directly intertwined, it does not seem purely coincidental that the cyberattack on Germany’s oil supply comes as the country puts pressure on Russia over its invasion of Ukraine. Germany has reportedly threatened to cut off its support of a gas pipeline deal that it has with Russia if Russia’s leaders refuse to scale back the country’s mounting presence in Ukraine. In fact, Russia was even accused of carrying out a cyberattack on Ukrainian government websites just a few weeks ago. As this all unfolds, the Cybersecurity & Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the National Security Agency (NSA), the Australian Cyber Security Centre (ACSC), and the United Kingdom’s National Cyber Security Centre (NCSC-UK) “have released a joint Cybersecurity Advisory (CSA) highlighting a global increase in sophisticated, high-impact, ransomware incidents against critical infrastructure organizations in 2021,” according to CISA’s website. And it seems that this category of threats is likely to persist in 2022.
- “Critical Infrastructure Hit Again as German Fuel Suppliers Victimized by Cyber Attack, Oil Shipments Forced to Use Alternative Depots” – Scott Ikeda, CPO Magazine
- “Cyberattack Cripples European Oil Port Terminals” – Prajeet Nair, Bank Info Security
- “Major German fuel storage provider hit with cyberattack, working under limited operations” – Tonya Riley, CyberScoop
- “Bracing for Cyber War: The Global Ramifications of Rising Tension Between Russia and Ukraine” – Dennis Hackney, Hellenic Shipping News Worldwide
- “2021 Trends Show Increased Globalized Threat of Ransomware” – Cybersecurity & Infrastructure Security Agency