Oil giant Halliburton reportedly hit by cloud-based cyberattack


Halliburton on Wednesday confirmed it was in the midst of a cyberattack that has reportedly prompted the energy company to instruct staff to completely disconnect from internal networks.

In a statement sent to Cybernews on Wednesday afternoon, a spokesperson for the company said it was “aware of an issue affecting certain company systems and is working diligently to assess the cause and potential impact.”

The Halliburton spokesperson said the company had activated its “preplanned response plan,” adding that IT teams were “working internally, and with leading external experts, to remediate the issue.”

With dual headquarters in Houston, Texas, and Dubai, the second largest oilfield servicing company in the world boasts a presence in 70 countries and more than 40,000 international employees, its website states.

“Getting word from a friend in Houston that Halliburton is currently experiencing a massive cloud-based cybersecurity attack,” posted X user @MzBlckSheep, one of the earlier comments about the incident to hit social media.

“It's bad enough that they're having everyone in the network disconnect. This is the problem with putting all of your eggs in a cloud computing basket,” they wrote in the mid-morning post.

Additionally, a 'person familiar with the matter' told Reuters that the attack appeared to impact business operations at the company's North Belt campus in Houston, as well as some global connectivity networks.

That source also confirmed to Reuters that Halliburton had asked some staff not to connect to internal networks.

Nick Tausek, Lead Security Automation Architect at Swimlane, said the attack on Halliburton “serves as a wake-up call for the energy sector, which remains a prime target for cybercriminals due to its critical role in global economies.”

According to Bloomberg, the full-service oil industry provider of technology services, equipment, drilling, and refining operations to the world's major energy suppliers is further responsible for most of the world's largest fracking operations.

Halliburton has made waves in the past, criticized for its ties to former US Vice President Dick Cheney, who awarded the firm a $7 billion government contract during the Iraq war – a contract that no other company was allowed to bid on.

“Proactive security approaches will be essential not only to protect sensitive data but also to avoid potentially catastrophic disruptions,” Tausek said. “To safeguard against such attacks, organizations must not only enhance visibility across their entire IT networks but also ensure that their third-party partners are equally secure,” he added.

Attacks on the energy sector

Threat actors targeting the energy sector, in what security experts consider critical infrastructure attacks, have created major fallout in the past.

In 2021, American fuel supplier Colonial Pipeline was the victim of a ransomware attack that shut down its network systems for nearly a week.

The infamous attack, which coincided with the end of the COVID-19 pandemic, had such an impact on the fuel supply chain it led to soaring prices, fuel shortages, and panic-hoarding at gas pumps across the Southeast part of the US.

A sign is displayed at an empty gas pump during the fuel shortage caused by the Colonial Pipeline cyberattack. Wake Forest, North Carolina. May 21st, 2021. Image by SharkShock | Shutterstock.

“The Halliburton breach highlights a critical truth: many ransomware attacks exploit basic oversights rather than sophisticated techniques. Mistakes, misconfigurations, and a lack of ongoing evaluation create vulnerabilities that can be easily exploited,” said Richard Caralli, Senior Cybersecurity Advisor at SaaS-based cyber management software firm Axio.

Caralli said that while the specifics of the [Halliburton] attack are still unclear, it’s likely that this wasn’t a highly complex operation.

“Much like the incidents at Colonial Pipeline, Caesars, MGM, and Clorox, the attackers may have taken advantage of simple, preventable errors—gaps in fundamental cybersecurity practices that were either inadequately implemented or not maintained over time,” he explained.

The Colonial Pipeline attack was carried out by the DarkSide ransomware gang, and the company's CEO admitted to paying a $4.4 million ransom demand to the group in hopes of shortening recovery time.

The Russian-linked cybercriminal group later publicly apologized for the attack, stating its “goal is to make money, and not create problems for society.”

Earlier this year, major Canadian oil and gas pipeline operator Trans Northern Pipelines (TNPI) was claimed as a victim by the notorious ALPHV/BlackCat ransomware gang.

That attack, which was discovered and quickly remedied by Trans Northern in November 2023, was reported to be limited and had no major impact on the North American fuel supply chain.

"The takeaway from Halliburton’s experience is that organizations need to focus on consistently applying and maintaining the fundamentals of cybersecurity. It’s not always about defending against the most sophisticated threats, but ensuring that the basics are solid," Caralli said.

As of Wednesday, no cybercriminal group has come forward to claim responsibility for the attack on Halliburton.