• 3 minutes e-car sales collapse
  • 6 minutes America Is Exceptional in Its Political Divide
  • 11 minutes Perovskites, a ‘dirt cheap’ alternative to silicon, just got a lot more efficient
  • 4 days How Far Have We Really Gotten With Alternative Energy
  • 9 days By Kellen McGovern Jones - "BlackRock Behind New TX-LA Offshore Wind Farm"
  • 4 days Solid State Lithium Battery Bank
  • 3 days Bad news for e-cars keeps coming
  • 15 days The United States produced more crude oil than any nation, at any time.
Cyril Widdershoven

Cyril Widdershoven

Dr. Cyril Widdershoven is a long-time observer of the global energy market. Presently he works as a Senior Researcher at Hill Tower Resource Advisors. Next…

More Info

Premium Content

Who Is Responsible For Cyberattacks On Europe’s Oil Industry

  • Earlier reports of cyberattacks on two German-based oil storage companies have now been followed by reports of new attacks coming out of the Netherlands and Belgium.
  • The cyberattacks have not significantly impacted oil or gas flows in Europe but could be connected in some way to the Russia-Ukraine conflict.
  • BlackCat has been linked to the original attack on the German companies, a group that is associated with the Darkside group that shut down the Colonial Pipeline last year.

Following news of major cyberattacks on German-based oil storage companies, there are now reports of similar attacks in the Netherlands and Belgium. In recent days, reports emerged that the German-based facilities of the Oiltanking GmbH Group and Mabanaft Group had come under attack. Last Saturday, the companies stated, they had IT systems report incidents. The total impact of the attacks remains unclear, but external parties are working to deal with the situation and understand the threat. Most emphasis is currently being put on the restoration of operations to normal in the terminals. Up until now, it seems that only the Oiltanking Deutschland part of the operation has been affected. The German entity is part of Mabanaft. Oiltanking’s other global oil, gas, and chemical terminals all appear unaffected. Mabanaft’s German arm had “declared force majeure for the majority of its inland supply activities in Germany.” Analysts report that only 1.7% of Germany’s gas stations are being impacted at present. German news agency DPA reported that the cyberattack has not threatened the country’s fuel supplies. 

Some analysts are, however, worried that these attacks are linked to the ongoing Ukraine-Russia conflict. Moscow has already threatened to shut off its pipelines in Europe if the Ukraine conflict escalates into a real conflict. While cyber-experts are playing down the possible link with Russia, it remains a real possibility that pro-Russian parties are trying to increase pressure on Berlin. 

After news of the German attacks went public, new reports came out today suggesting that oil terminals in the Netherlands (Amsterdam, Terneuzen) and Belgium (Antwerp, Gent) have been hit too. Reports suggest oil vessels are having trouble loading and unloading their cargo in these ports. According to the Dutch website Marketscreener, six storage facilities of Sea Tank, Oiltanking, and Evos have been hit. When asked, the Dutch National Cyber Security Center (NCSC) stated that it seems not to be a coordinated attack. NCSC indicated that there could be a criminal motive behind it. Europe’s EUROPOL is also involved in the search for the culprits.

The German Federal Office for Information Security (BSI) stated in a report that the BlackCat ransomware group was behind the recent cyberattack on the two German oil companies.  According to German newspaper Handelsblatt, who got access to the report, the Oiltanking attack was carried out by “BlackCat ransomware through a previously unknown gateway." Oiltanking did not confirm this. 

BlackCat was also responsible for last year’s ransomware attack on the Colonial Pipeline in the U.S., which brought fuel supplies to the US East Coast to a total standstill. BlackCat seems to be linked to Darkside and another ransomware group, BlackMatter. US cyber-experts have indicated that BlackCat is a rebrand of BlackMatter. 

While there are no direct links at present between BlackCat/BlackMatter and Moscow, it is hard to ignore the timing. This week, during a Putin news conference, the main focus was on the Ukraine conflict. In Moscow’s view, the crisis over Ukraine is a provocation entirely made in America. Moscow always links Ukraine’s future to the fact that the US may have positioned offensive weapons (land-attack weapons like the Tomahawk missile) near Russia. In a reaction to Putin’s statements, US Deputy National Security Advisor for Cybersecurity and Emerging Technologies Anne Neuberger is at present talking to NATO members on a mission which is "largely focused on how to coordinate a NATO response should Russia again attack parts of the power grid in Ukraine or take out communications in an effort to destabilize the Ukrainian government."  A potential cyber-based attack or cyberwarfare approach is clearly on their mind. At present, there is an emphasis on Russian cyber actions against Ukraine, as Ukraine is pressuring NATO members to assist it with cybersecurity. Recently, anti-Russian activists are said to have disrupted Belarusian rail transport. Without any doubt, the German-Dutch-Belgian cyber-attacks could be linked to a possible answer by others. One thing is clear, whatever or whoever is behind the current cyber threats, Moscow has the capability to hit whenever and wherever when it comes to cyberwar. 

By Cyril Widdershoven for Oilprice.com

More Top Reads From Oilprice.com:

Download The Free Oilprice App Today

Back to homepage

Leave a comment
  • Lee James on February 06 2022 said:
    Why are vital energy systems still so vulnerable? Are we making any progress? Can we tighten up security when cyber attack and manipulation is likely?

Leave a comment

EXXON Mobil -0.35
Open57.81 Trading Vol.6.96M Previous Vol.241.7B
BUY 57.15
Sell 57.00
Oilprice - The No. 1 Source for Oil & Energy News