Multiple oil transport and storage companies across Europe are dealing with cyber-attacks. Information Technology systems have been disrupted at Oiltanking in Germany, SEA-Invest in Belgium, and Evos in the Netherlands.
Dozens of terminals with oil storage and transport around the world have been affected, with firms reporting that the attacks occurred over the weekend.
Belgian prosecutors say they are investigating the cyber-attack that’s affected SEA-Invest terminals including the company’s largest in Antwerp, called SEA-Tank.
A spokeswoman for the company said they were hit on Sunday with every port they run in Europe and Africa affected.
The company is working to get a backup IT system online but says that most liquid transportation is operational.
The spokeswoman said SEA-Invest is aware of the cyber-attacks against other companies but investigations have not determined if there is a link.
A spokesperson for Evos in the Netherlands said that IT services at terminals in Terneuzen, Ghent, and Malta have “caused some delays in execution”.
On Monday Oiltanking Deutschland GmbH & Co. KG, which stores and transports oil, vehicle fuels, and other petroleum products, said it had been hacked. The company was forced to operate at a “limited capacity” and was investigating the incident, it said.
In May last year, a ransomware attack on US oil supplier Colonial Pipeline saw supplies tighten across the US and multiple states declaring an emergency.
The worker said they first noticed problems on Tuesday when oil deliveries started slowing down. He said, “things are moving but much slower than normal”.
The disruption comes as tensions remain high between Ukraine and Russia and as concern over rising energy prices grows.
“Some types of malware scoop up emails and contact lists and use them to automatically spam malicious attachments or links, so companies with shared connections can sometimes be hit in quick succession,” said Brett Callow, Threat Analyst at cyber-security company Emsisoft.
“This is why you sometimes see sector-based or geographic-based clusters of incidents.”
Another possible explanation could be that all the companies use the same software for operations that may have been compromised by hackers.
