Shell forced to reroute supplies after cyberattack on two German oil companies

Two subsidiaries of German logistics firm Marquard & Bahls are struggling to respond to a cyberattack.
Written by Jonathan Greig, Contributor

A cyberattack on two German oil suppliers has forced energy giant Shell to reroute oil supplies to other depots, according to Reuters and the Handelsblatt newspaper

Handelsblatt was the first to report on Monday that oil companies Oiltanking and Mabanaft, both owned by German logistics conglomerate Marquard & Bahls Group, had suffered a cyberattack that crippled their loading and unloading systems. Oiltanking had a throughput of 155 million tons in 2019, according to Handelsblatt.  

By Tuesday, Royal Dutch Shell said it was forced to reroute to different supply depots because of the issue. Oiltanking did not respond to requests for comment but confirmed the attack to The Stack and said they "have declared force majeure." They reportedly discovered the attack on Saturday. 

The incident follows another cyberattack on billion-dollar German logistics firm Hellmann Worldwide Logistics that took place in December.  

German officials spoke at a news conference about the issue. Arne Schonbohm, president of the Federal Office for Information Security, said the attack on Oiltanking was "serious, but not grave." 

German intelligence officials released a warning last week about APT27 using the malware variant HYPERBRO against German commercial companies. 

"According to current knowledge, the attackers have been exploiting vulnerabilities in Microsoft Exchange and in the Zoho AdSelf Service Plus1 software since March 2021 as a gateway for the attacks. It cannot be ruled out that the actors, in addition to stealing business secrets and intellectual property, also try to infiltrate the networks of (corporate) customers or service providers," German intelligence service BfV said.

"The cyber espionage group APT27 has been active since at least 2010. The BfV is currently observing an increase in attacks against German targets by the group using the HYPERBRO malware."

Rumors that the Oiltanking incident is a ransomware attack reignited concerns about attacks on oil companies. Last year, US oil giant Colonial Pipeline dealt with a devastating ransomware attack that crippled its business services and left significant parts of the East Coast without access to gas for less than a week. 

"Impacting elements of the fuel, heating, and combustibles supply chain during the winter season potentially puts human safety and wellbeing in the crosshairs -- these types of attacks underscore the very serious risks posed by criminals to foundational parts of essential services and infrastructure," said Tim Wade, technical director at Vectra. 

Editorial standards