The Atlanta, US-based Colonial Pipeline Company said in a statement last Friday that it was the victim of a cybersecurity attack, and so "proactively took certain systems offline to contain the threat, which has temporarily halted all pipeline operations, and affected some of our IT systems." In an updated statement over the weekend, it said it had "determined that this incident involves ransomware."
A former U.S. official and two industry sources have told media that the group DarkSide is among the suspects in this ransomware attack. Cybersecurity experts who have tracked DarkSide said it appears to be composed of veteran cybercriminals who are focused on squeezing out as much money as they can from their targets. Red Sky Alliance sources in Atlanta say the company is being very tight-lipped about the attack. This cyber-attack was briefed up to the US President.
Colonial Pipeline is the largest US refined products pipeline system and can carry more than 3 million barrels of gasoline, diesel and jet fuel between the US Gulf Coast and the New York Harbor area. Colonial was founded in 1961 and construction of the pipeline began in 1962. The pipeline is 5,500 miles (8,850 km) long.
Colonial Pipeline's owners include Koch Industries (a.k.a. Koch Capital Investments Company LLC, 28.09% stake ownership), South Korea's National Pension Service and Kohlberg Kravis Roberts (a.k.a. Keats Pipeline Investors LP, 23.44% stake ownership), Caisse de dépôt et placement du Québec (16.55% stake ownership via CDPQ Colonial Partners LP), Royal Dutch Shell (a.k.a. Shell Pipeline Company LP, 16.12% stake ownership), and Industry Funds Management (a.k.a. IFM (US) Colonial Pipeline 2 LLC, 15.80% stake ownership).
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. Analysts have been tracking the oil and gas industries for the past several years. The Energy Sector is a major target for hackers. For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or email@example.com.