Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Halliburton says data exfiltrated in August cyber attack

Major US oilfield and gas servicing giant Halliburton has revealed that data was stolen in the cloud-based cyber attack it suffered last month.

user icon Daniel Croft
Wed, 04 Sep 2024
Halliburton says data exfiltrated in August cyber attack
expand image

Halliburton initially disclosed the incident in an 8-K filing on 21 August, revealing that it had discovered an “unauthorised third party” on its systems.

Upon discovery, the company launched an investigation and engaged cyber security response, which involved taking systems offline.

Now, Halliburton has revealed that it believes the threat actors accessed and stole company data, and it is currently investigating what data was affected.

============
============

“The incident has caused disruptions and limitation of access to portions of the company’s business applications supporting aspects of the company’s operations and corporate functions,” said Halliburton in its most recent 8-K filing.

“The company believes the unauthorised third party accessed and exfiltrated information from the company’s systems. The company is evaluating the nature and scope of the information, and what notifications are required.”

While the company said it does not believe the cyber attack has or will have any material impact on its financial standing or output, it acknowledged that it has incurred expenses as part of its incident response.

“The company remains subject to various risks due to the incident, including the adequacy of processes during the period of disruption, diversion of management’s attention, potential litigation, changes in customer behavior, and regulatory scrutiny.”

While no threat actor has been formally identified as of yet, researchers with BleepingComputer have concluded that the RansomHub threat group is behind the incident.

The conclusion began after rumours that the group was behind the attack appeared on Reddit. When BleepingComputer received no response from Halliburton after requesting comment, the publication identified a ransomware encryptor used by RansomHub during its investigation, concluding that the threat actor was behind the breach.

However, RansomHub is yet to claim responsibility for the incident on its dark web leak site.

Cyber Daily has reached out to Halliburton for confirmation of this rumour and additional commentary.

Halliburton has a controversial history in the US, being behind most of the world’s largest fracking operations.

Additionally, the company had close links to former US vice president Dick Cheney, through whom it was granted a US$7 billion contract that no other company was authorised to bid on during the Iraq war.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.