Halliburton, Law Enforcement Investigates Cyberattack Impact
Impact of the cyberattack against US critical industry firm Halliburton is being investigated by law enforcement and firm
American oilfield services firm Halliburton and law enforcement are said to be investigating the impact of a cyberattack last week.
Last Wednesday reports emerged that Halliburton was aware of an issue affecting certain systems at the company and was working to determine the cause and impact of the problem. Sources at the time indicated it was because of a cyberattack.
On Friday Halliburton then confirmed that it was hit by a cyberattack that forced the major oilfield services company to take systems offline.
Attack impact
In a filing on Friday, Halliburton said it became aware on Wednesday that an “unauthorised third party” had gained access to certain of systems.
“On August 21, 2024, Halliburton Company became aware that an unauthorised third party gained access to certain of its systems,” the firm stated. “When the Company learned of the issue, the Company activated its cybersecurity response plan and launched an investigation internally with the support of external advisors to assess and remediate the unauthorised activity.
“The Company’s response efforts included proactively taking certain systems offline to help protect them and notifying law enforcement,” it said. “The Company’s ongoing investigation and response include restoration of its systems and assessment of materiality.”
Halliburton also said that while it is communicating with its customers and other stakeholders, it is also “working to identify any effects of the incident.”
Reuters, who first reported on the cyberattack last Wednesday, had reported that the cyberattack appeared to impact business operations at the company’s north Houston campus, as well as some global connectivity networks.
The company had asked some staff not to connect to internal networks
Houston, Texas-based Halliburton is one of the largest oilfield services firms in the world, providing drilling services and equipment to major energy producers around the globe.
It had nearly 48,000 employees and operated in more than 70 countries at the end of last year, Reuters noted.
It is not clear at the time of writing whether the cyberattack is some form of ransomware attack, which has become so prevalent in recent years.
Energy services
The US Department of Energy said last Thursday the Halliburton cyber incident had not impacted any energy services.
These types of attacks are a sensitive issue in the United States. It should be remembered that in 2021, a major pipeline (Colonial Pipeline) in the United States was attacked by DarkSide, ransomware gang, causing widespread fuel shortages on the American east coast.
Indeed, so serious was the attack that the US government engaged emergency powers and US President Joe Biden received “personal briefings” about the cyberattack.
Colonial Pipeline’s CEO admitted his company paid a $4.4 million ransom as executives were unsure how badly its systems were breached or how long it would take to restore the pipeline.
The devastation after the attack caused DarkSide, a criminal gang located in either Russia or Eastern Europe, to publicly declare they were not carrying out the attack for political purposes, but rather were just seeking to make money.
London-based blockchain analytics firm Elliptic later identified the Bitcoin wallet used by DarkSide.
Critical infrastructure
The United States regards critical infrastructure as off limits, ever since US President Joe Biden raised the issue with Vladimir Putin in a June 2021 face-to-face meeting, before the Ukraine invasion in February 2022.
Biden and Putin had spent much of that face-to-face meeting talking about cybersecurity issues, with Biden bluntly warning Putin of ‘retaliation’ and an ‘aggressive response’ if Russia attacks a list of 16 ‘critical’ industries in America.
Then in July 2021 President Biden underscored the issue of cyberattacks, when he admitted they could cause a ‘real shooting war’ with a ‘major power’.
Ever since 2011 the United States said it reserved the right to retaliate with military force against a cyberattack from a hostile state.