Security Experts:

Connect with us

Hi, what are you looking for?



European Oil Port Terminals Hit by Cyberattack

Major oil terminals in some of Western Europe’s biggest ports have fallen victim to a cyberattack at a time when energy prices are already soaring, sources confirmed on Thursday.

Major oil terminals in some of Western Europe’s biggest ports have fallen victim to a cyberattack at a time when energy prices are already soaring, sources confirmed on Thursday.

Belgian prosecutors have launched an investigation into the hacking of oil facilities in the country’s maritime entryways, including Antwerp, Europe’s second biggest port after Rotterdam.

In Germany, prosecutors said they were investigating a cyberattack targeting oil facilities in what was described as a possible ransomware strike, in which hackers demand money to reopen hijacked networks.

Oil prices hit a seven-year high last month amid diplomatic tensions with gas supplier Russia, and energy bills are fuelling a rise in inflation that has spooked European policymakers.

According to a specialised broker, the alleged hacking is affecting several European ports and is disrupting the unloading of barges in this already strained market.

“There was a cyberattack at various terminals, quite some terminals are disrupted,” said Jelle Vreeman, senior broker at Riverlake in Rotterdam.

“Their software is being hijacked and they can’t process barges. Basically, the operational system is down,” he said.

The EU’s Europol police agency said it was aware of the incidents in Germany and had offered support to authorities.

“At this stage the investigation is ongoing and in a sensitive stage,” Europol spokeswoman Claire Georges said.

One of the main victims seems to be the cross-border Dutch and Belgian Amsterdam-Rotterdam-Antwerp oil trading hub, where company IT systems were affected by the attack.

SEA-Tank Terminal, which has storage facilities in Antwerp, was hit, Belgian daily De Morgen reported.

The Dutch National Cyber Security Centre said the attacks were “probably committed with a criminal motive” and pledged to take further action “if necessary”.

– ‘Not grave’ –

In Germany, two oil supply companies said they were victim to the cyberattack since Saturday January 29.

Both Oiltanking Deutschland GmbH and Mabanaft declared force majeure, an emergency legal clause that is used when a company cannot fulfil its supply contracts because of an unforeseeable event, a joint statement said.

“We are committed to resolving the issue and minimising the impact as quickly and effectively as possible,” they said.

The head of Germany’s IT security agency, Arne Schoenbohm, said at a conference on Tuesday that the incident was serious but “not grave”, German media reports said.

According to the German newspaper Handelsblatt, an initial report from German security services identifies the BlackCat ransomware as the tool used in the cyberattack in Germany.

BlackCat emerged in mid-November 2021 as a software tool to allow hackers to seize control of target systems and has quickly gained notoriety for its sophistication and innovation.

According to US cybersecurity firm PaloAlto, BlackCat has the added advantage of being more lucrative than its rivals for the hackers who use it — other ransomware platforms usually take a higher commission.

The experts also note that BlackCat’s programmers use the Russian language, but this clue could be misleading since hackers often leave false clues to cover their tracks.

Recent ransomware attacks against targets in the United States and other western countries have been blamed on Russian-speaking hacker groups or those operating from Russian territory.

In June, US authorities said they had recovered a ransom payment paid by Colonial Pipeline to Russia-based ransomware extortionists Darkside, who had forced the shutdown of a major fuel network.

The attack caused short-term fuel shortages and drew attention to the broader threat that ransomware posed to essential infrastructure and services.

*updated throughout with additional information

Related: Mexican Oil Company Pemex Hit by Ransomware

Related: Oil and Gas Sector in Middle East Hit by Serious Security Incidents

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...