German petrol supply firm Oiltanking paralyzed by cyber attack

gas-station

Oiltanking GmbH, a German petrol distributor who supplies Shell gas stations in the country, has fallen victim to a cyberattack that severely impacted its operations.

Additionally, the attack has also affected Mabanaft GmbH, an oil supplier. Both entities are subsidiaries of the Marquard & Bahls group, which may have been the breach point.

Supply stable but volatile

Because the firm supplies a total of 26 companies in the country with fuel, German media raised worries about shortages immediately, but officials came forth to appease them.

Shell alone operates 1,955 gas stations in the country, so if they were to run out of fuel, it would cause a crisis that would have an adverse effect on an array of Germany’s day-to-day operations, and by extension its national economy.

The managing director of the independent tank storage association in Germany, Frank Shaper, told Spiegel that the attack does not endanger the supply of fuel in the country neither on heating nor the transportation aspects.

However, the disruption remains significant, and if it takes the firm a long time to resolve the IT problems caused by the attack, the supply chain could also be disrupted.

This is mainly due to the automation of the tank loading/unloading process that cannot fall back to manual operations since it relies entirely on computerized systems that are currently offline.

Oiltanking operates a total of 13 tank farms in Germany, and currently, these cannot serve trucks. Instead, the firm has resorted to using alternative charging points until the effects of the cyberattack are remediated.

Bleeping Computer received the following comment from the company regarding the current situation:

On Saturday, January 29th 2022, Oiltanking GmbH Group and Mabanaft GmbH & Co. KG (Mabanaft) Group discovered we have been the victim of a cyber incident affecting our IT systems. Upon learning of the incident, we immediately took steps to enhance the security of our systems and processes and launched an investigation into the matter. We are working to solve this issue according to our contingency plans, as well as to understand the full scope of the incident. We are undertaking a thorough investigation, together with external specialists and are collaborating closely with the relevant authorities. All terminals continue to operate safely.

Oiltanking Deutschland GmbH & Co. KG, an operating unit within the Mabanaft Group, operates all terminals in Germany and is not part of the Oiltanking GmbH Group.

Oiltanking GmbH Group continues to operate all terminals in all global markets. Oiltanking Deutschland GmbH & Co. KG terminals are operating with limited capacity and have declared force majeure. Mabanaft Deutschland GmbH & Co. KG has also declared force majeure for the majority of its inland supply activities in Germany. All parties continue to work to restore operations to normal in all our terminals as soon as possible.

Last week, the German intelligence service, BfV, warned local firms of ongoing cyberattacks coordinated by the APT27 Chinese state-supported hacking group.

While the attack on Oiltanking hasn’t been attributed to any actors yet, it could be the work of a state actor who seeks to cause large-scale disruption and economic damage.