iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Major US oilfield and gas servicing giant Halliburton has revealed that data was stolen in the cloud-based cyber attack it suffered last month.
Halliburton initially disclosed the incident in an 8-K filing on 21 August, revealing that it had discovered an “unauthorised third party” on its systems.
Upon discovery, the company launched an investigation and engaged cyber security response, which involved taking systems offline.
Now, Halliburton has revealed that it believes the threat actors accessed and stole company data, and it is currently investigating what data was affected.
“The incident has caused disruptions and limitation of access to portions of the company’s business applications supporting aspects of the company’s operations and corporate functions,” said Halliburton in its most recent 8-K filing.
“The company believes the unauthorised third party accessed and exfiltrated information from the company’s systems. The company is evaluating the nature and scope of the information, and what notifications are required.”
While the company said it does not believe the cyber attack has or will have any material impact on its financial standing or output, it acknowledged that it has incurred expenses as part of its incident response.
“The company remains subject to various risks due to the incident, including the adequacy of processes during the period of disruption, diversion of management’s attention, potential litigation, changes in customer behavior, and regulatory scrutiny.”
While no threat actor has been formally identified as of yet, researchers with BleepingComputer have concluded that the RansomHub threat group is behind the incident.
The conclusion began after rumours that the group was behind the attack appeared on Reddit. When BleepingComputer received no response from Halliburton after requesting comment, the publication identified a ransomware encryptor used by RansomHub during its investigation, concluding that the threat actor was behind the breach.
However, RansomHub is yet to claim responsibility for the incident on its dark web leak site.
Cyber Daily has reached out to Halliburton for confirmation of this rumour and additional commentary.
Halliburton has a controversial history in the US, being behind most of the world’s largest fracking operations.
Additionally, the company had close links to former US vice president Dick Cheney, through whom it was granted a US$7 billion contract that no other company was authorised to bid on during the Iraq war.
Be the first to hear the latest developments in the cyber industry.
