European oil facilities hit by cyber-attacks

By Joe Tidy
Cyber reporter

  • Published
Base in AntwerpImage source, Oiltanking GmbH

Multiple oil transport and storage companies across Europe are dealing with cyber-attacks.

IT systems have been disrupted at Oiltanking in Germany, SEA-Invest in Belgium and Evos in the Netherlands.

In total dozens of terminals with oil storage and transport around the world have been affected, with firms reporting that the attacks occurred over the weekend.

But experts caution against assuming this is a co-ordinated attack.

The BBC understands that all three companies' IT systems went down or were severely disrupted.

Belgian prosecutors say they are investigating the cyber-attack that's affected SEA-Invest terminals including the company's largest in Antwerp, called SEA-Tank.

A spokeswoman for the company said they were hit on Sunday with every port they run in Europe and Africa affected.

The company is working to get a back-up IT system online but says that most liquid transportation is operational.

The spokeswoman said SEA-Invest is aware of the cyber-attacks against other companies but investigations have not determined if there is a link.

A spokesperson for Evos in the Netherlands told the BBC that IT services at terminals in Terneuzen, Ghent and Malta have "caused some delays in execution".

Limited capacity

On Monday Oiltanking Deutschland GmbH & Co. KG, which stores and transports oil, vehicle fuels and other petroleum products, said it had been hacked.

The company was forced to operate at a "limited capacity" and was investigating the incident, it said.

Some reports suggest the attack on Oiltanking is ransomware, where hackers scramble data and make computer systems inoperable until they get paid a ransom.

In May last year a ransomware attack on US oil supplier Colonial Pipeline saw supplies tighten across the US and multiple states declaring an emergency.

Image source, Colonial Pipeline
Image caption,
The Colonial Pipeline in the US was hacked in May 2021

An employee of a major barging company in the Netherlands told the BBC that port supply chains were disrupted.

The worker said they first noticed problems on Tuesday when oil deliveries started slowing down. He said "things are moving but much slower than normal".

No conclusions

The disruption comes as tensions remain high between Ukraine and Russia and as concern over rising energy prices grows.

But cyber-security experts caution against jumping to the conclusion that the multiple incidents are the result of a co-ordinated effort to disrupt the European energy sector.

"Some types of malware scoop up emails and contact lists and use them to automatically spam malicious attachments or links, so companies with shared connections can sometimes be hit in quick succession," said Brett Callow, Threat Analyst at cyber-security company Emsisoft.

"This is why you sometimes see sector-based or geographic-based clusters of incidents."

Another possible explanation could be that all the companies use the same software for operations that may have been compromised by hackers.