A major player in the global oil industry, Halliburton, endured a severe cyberattack that caused its systems to shut down. The oil giant confirmed the incident after facing operational disruptions.
Haliburton Confirmed Suffering Cyberattack That Shut Down Some Of Its Systems
According to Reuters, the oil giant Halliburton suffered a serious cyberattack, impacting its operations.
Initial reports about the matter first surfaced online on August 22, 2024, when Halliburton admitted a security issue affecting some of its systems. The firm even explained working on remedial measures to address the problem, including hiring “external experts.”
At that time, the exact nature of the attack was not clear. However, an anonymous person from the company told Reuters that the incident affected some global connectivity networks and the “company’s north Houston campus.” Consequently, Halliburton even stopped some staff members from connecting to internal networks.
However, more details became available shortly after as the US Department of Energy (DOE) directly commented on it. According to its statement to the media, DOE became aware of the incident but couldn’t specify the nature of the attack.
However, the exact nature of the incident is unknown at this time.
Yet, DOE assured no serious impact of the cyberattack on energy services.
There are no indications that the incident is impacting energy services at this time and DOE is coordinating with interagency partners.
Soon after, the oil giant also filed a public filing with the US Securities and Exchange Commission (SEC) confirming the cybersecurity incident. According to the details filed, Halliburton detected the security breach on August 21, 2024, and immediately took necessary measures to address the problem. The firm also notified the law enforcement agencies and launched an investigation.
On August 21, 2024, Halliburton Company (the “Company”) became aware that an unauthorized third party gained access to certain of its systems.
When the Company learned of the issue, the Company activated its cybersecurity response plan and launched an investigation internally with the support of external advisors to assess and remediate the unauthorized activity. The Company’s response efforts included proactively taking certain systems offline to help protect them and notifying law enforcement. The Company’s ongoing investigation and response include restoration of its systems and assessment of materiality.
Moreover, the firm also pledged to inform the relevant stakeholders about the matter.
The Company is communicating with its customers and other stakeholders. The Company is following its process-based safety standards for ongoing operations under the Halliburton Management System, and is working to identify any effects of the incident.
RansomHub Ransomware Responsible For This Attack
While initial reports didn’t include much detail, it eventually turned out that the firm actually suffered a ransomware attack.
Although Halliburton has not officially disclosed this fact, according to Bleeping Computer, the company sent emails to suppliers elaborating on the incident, including IOCs that indicate RansomHub ransomware involvement. Specifically, one of the IOCs included a Windows executable, “maintenance.exe,” that Bleeping Computer confirmed as the RansomHub encryptor.
Further details about possible ransom payments or data exfiltration from the attackers are yet to surface online.
Halliburton is an American oil firm that currently ranks #2 among the global players in the oil industry. Its staff consists of roughly 50,000 employees, working for hundreds of its subsidiaries worldwide.
Let us know your thoughts in the comments.
