Threat Actor: RansomHub | RansomHub
Victim: Halliburton | Halliburton
Price: Not disclosed
Exfiltrated Data Type: Company operational data
Key Points :
- Halliburton experienced a cyberattack in August, impacting its IT infrastructure, particularly in Houston.
- The attack was linked to the RansomHub ransomware gang, which exfiltrated data during the breach.
- Halliburton is collaborating with external experts to investigate the incident and assess its impact.
- The company has reported disruptions and limited access to certain business applications due to the attack.
- Halliburton believes the incident will not materially affect its financial condition but acknowledges ongoing risks.
U.S. oil company Halliburton disclosed a data breach following the RansomHub ransomware gang attack that occurred in August.
In August, Halliburton, a major U.S. oil company, announced that a cyberattack hit its IT infrastructure, particularly impacting operations at its Houston offices.
Halliburton Company is an American multinational corporation and the world’s second largest oil service company which is responsible for most of the world’s largest fracking operations. It employs approximately 55,000 people through its hundreds of subsidiaries, affiliates, branches, brands, and divisions in more than 70 countries.
“U.S. oilfield services firm Halliburton on Wednesday was hit by a cyberattack, according to a person familiar with the matter.” reported Reuters. “Halliburton said it was aware of an issue affecting certain systems at the company and was working to determine the cause and impact of the problem.”
The company announced it is working with “leading external experts” to investigate the attack and fix the issue, however, it did not provide technical details about the attack.
A person familiar with the matter told Reuters that the company has asked some staff not to connect to internal networks.
According to Reuters, the cyberattack impacted the company’s north Houston campus, as well as some global connectivity networks.
This week, the company confirmed that threat actors had stolen data during the attack, according to the 8-K Form filed with Securities and Exchange Commission (SEC).
Bleepingcomputer first reported that the company was breached by the Ransomhub ransomware gang after it had analyzed the IoC shared by the company.
The company is investigating the security breach to determine the scope of the incident.
“The incident has caused disruptions and limitation of access to portions of the Company’s business applications supporting aspects of the Company’s operations and corporate functions. The Company believes the unauthorized third party accessed and exfiltrated information from the Company’s systems.” reads the 8-K Form filed with SEC. “The Company is evaluating the nature and scope of the information, and what notifications are required.”
Halliburton confirmed that has already incurred, and may continue to incur, certain expenses related to its response to this incident. The company believes that the incident has not had, and is not reasonably likely to have, a material impact on its financial condition or results of operations.
“The Company remains subject to various risks due to the incident, including the adequacy of processes during the period of disruption, diversion of management’s attention, potential litigation, changes in customer behavior, and regulatory scrutiny.” continues the document.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, ransomware)