{
	"id": "4cfac40d-9c15-405b-b65d-a6228f7e3b33",
	"created_at": "2026-04-06T00:14:51.154742Z",
	"updated_at": "2026-04-10T03:20:36.723519Z",
	"deleted_at": null,
	"sha1_hash": "0af16711564b14c1d65a355b100c496c865fba12",
	"title": "String of cyberattacks on European oil and chemical sectors likely not coordinated, officials say",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 90050,
	"plain_text": "String of cyberattacks on European oil and chemical sectors likely\r\nnot coordinated, officials say\r\nBy Adam Janofsky\r\nPublished: 2023-01-17 · Archived: 2026-04-05 20:03:12 UTC\r\nEuropean prosecutors and cybersecurity officials are investigating a ransomware attack affecting several major oil\r\nport terminals that occurred just days after a separate hack on two German companies forced oil suppliers to\r\nreroute their products to alternative depots.\r\nThe attacks targeted organizations in Belgium, the Netherlands, and Germany, including some of the largest ports\r\nin the region. Cybersecurity officials from those countries on Thursday said they do not have reason to believe that\r\nthe attacks are linked to one another.\r\nOne European government official who is involved in the investigation but is not authorized to speak about it\r\npublicly told The Record that the port incidents are ransomware attacks believed to be linked to the BlackCat and\r\nConti families. An internal report from Germany’s Federal Office for Information Security (BSI) said the\r\nBlackCat group, which has been implicated in a number of recent compromises, was behind the recent attack on\r\nthe two German oil industry companies, Handelsblatt reported on Wednesday.\r\n“A judicial investigation is ongoing at the public prosecutor's office in Antwerp. Attribution of such a cyberattack\r\nis, as you know, very difficult and it is now far too early for that. We have no technical indications that the attacks\r\nare linked,” Katrien Eggers, a spokesperson for the Centre for Cyber Security Belgium, told The Record. The\r\nCentre serves as the country’s central authority for cybersecurity.\r\nThe Netherlands’ National Cyber Security Center said in a statement that it does not believe the attacks targeting\r\nthe oil and chemical sector in the Netherlands, Belgium and Germany to be related, and that it does not appear to\r\nbe linked to nation-state hackers.\r\n“The NCSC's view is that at the moment there does not seem to be a coordinated attack and that the attacks were\r\nprobably committed with a criminal motive. The NCSC is closely monitoring developments and will take further\r\naction if necessary.”\r\nAccording to De Tijd, a Belgian newspaper that first reported on the port cyberattacks, Ghent-based Sea-Invest\r\nsuffered an attack that caused activities at its terminals worldwide to come to a standstill. The company has 5,500\r\nemployees and handled more than 150 million tons of goods last year, according to the paper. \r\nIn a statement in Dutch emailed to The Record, the company confirmed that attackers crippled Sea-Invest’s\r\nnetworks the night of Jan. 30 with ransomware. It added that its dry bulk division did not have to cease operations\r\nand that its liquid bulk department, Sea-Tank, has been able to resume operations as of yesterday evening.\r\nRerouting oil supplies\r\nhttps://therecord.media/string-of-cyberattacks-on-european-oil-and-chemical-sectors-likely-not-coordinated-officials-say/\r\nPage 1 of 3\n\nEarlier in the week, a cyberattack on Oiltanking GmbH and Mabanaft GmbH — two subsidiaries of the German\r\nlogistics firm Marquard \u0026 Bahls — caused Shell to reroute oil supplies to other depots.\r\n“On Saturday, January 29th 2022, [Oiltanking and Mabanaft] discovered we have been the victim of a cyber\r\nincident affecting our IT systems,” a company spokesperson told The Record in a statement. “Upon learning of the\r\nincident, we immediately took steps to enhance the security of our systems and processes and launched an\r\ninvestigation into the matter. We are working to solve this issue according to our contingency plans, as well as to\r\nunderstand the full scope of the incident. We are undertaking a thorough investigation, together with external\r\nspecialists and are collaborating closely with the relevant authorities. All terminals continue to operate safely.”\r\nThe spokesperson added that a unit of Manabaft that operates all terminals in Germany is operating with limited\r\ncapacity and has declared force majeure, meaning it cannot fulfill its prior agreements due to unforeseeable\r\ncircumstances.\r\nAttacks on oil and gas infrastructure have always been a top concern for the public and private sector, but came\r\ninto focus last May when a ransomware attack on Colonial Pipeline disrupted the supply of gasoline and jet fuel to\r\nmajor parts of the Southeast. \r\nThe Biden Administration blamed the attack on the DarkSide ransomware group, which soon shut down\r\noperations. Last month, a senior Biden administration official said an REvil hacker arrested by Russia’s security\r\nservice was responsible for the attack.\r\nGet more insights with the\r\nRecorded Future\r\nIntelligence Cloud.\r\nLearn more.\r\nNo previous article\r\nNo new articles\r\nhttps://therecord.media/string-of-cyberattacks-on-european-oil-and-chemical-sectors-likely-not-coordinated-officials-say/\r\nPage 2 of 3\n\nAdam Janofsky\r\nis the founding editor-in-chief of The Record from Recorded Future News. He previously was the cybersecurity\r\nand privacy reporter for Protocol, and prior to that covered cybersecurity, AI, and other emerging technology for\r\nThe Wall Street Journal.\r\nSource: https://therecord.media/string-of-cyberattacks-on-european-oil-and-chemical-sectors-likely-not-coordinated-officials-say/\r\nhttps://therecord.media/string-of-cyberattacks-on-european-oil-and-chemical-sectors-likely-not-coordinated-officials-say/\r\nPage 3 of 3",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"ETDA"
	],
	"references": [
		"https://therecord.media/string-of-cyberattacks-on-european-oil-and-chemical-sectors-likely-not-coordinated-officials-say/"
	],
	"report_names": [
		"string-of-cyberattacks-on-european-oil-and-chemical-sectors-likely-not-coordinated-officials-say"
	],
	"threat_actors": [],
	"ts_created_at": 1775434491,
	"ts_updated_at": 1775791236,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/0af16711564b14c1d65a355b100c496c865fba12.pdf",
		"text": "https://archive.orkl.eu/0af16711564b14c1d65a355b100c496c865fba12.txt",
		"img": "https://archive.orkl.eu/0af16711564b14c1d65a355b100c496c865fba12.jpg"
	}
}