Ransomware Attack on Carigali Hess by Hunters International Exposes Vulnerabilities

Incident Date: July 13, 2024

Overview

Victim: Carigali Hess Operating Company

Attacker: Hunters International

Location: Kuala Lumpur, Malaysia

First Reported: July 13, 2024

Ransomware Attack on Carigali Hess Operating Company by Hunters International

Overview of Carigali Hess Operating Company

Carigali Hess Operating Company (CHOC) is a joint venture between Petroliam Nasional Berhad (PETRONAS) and Hess Corporation. Based in Kuala Lumpur, Malaysia, CHOC specializes in the exploration, development, and production of oil and gas resources in the Malaysia-Thailand Joint Development Area (JDA). The company employs around 200 staff and is valued at approximately $200 million. CHOC is known for its advanced technological solutions and operational excellence, focusing on optimizing the recovery of hydrocarbons while adhering to stringent environmental regulations.

Details of the Ransomware Attack

The ransomware group Hunters International has claimed responsibility for a cyberattack on Carigali Hess Operating Company. The attack was publicly disclosed on the group's dark web leak site, listing CHOC as a victim. This incident underscores the persistent cybersecurity threats faced by key players in the energy sector, particularly those operating in resource-rich regions like the JDA.

About Hunters International

Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, following the disruption of the Hive ransomware group. The group exhibits significant technical overlap with Hive, suggesting an evolution or offshoot of the dismantled operation. Hunters International focuses on exfiltrating data and extorting victims for ransom. The group has been detected targeting victims across various regions, including the US, UK, Germany, and Namibia.

Potential Vulnerabilities and Attack Penetration

While specific details of how Hunters International penetrated CHOC's systems are not publicly disclosed, the group's tactics often involve exploiting vulnerabilities in network security, phishing, and leveraging stolen credentials. Given CHOC's significant role in the energy sector and its reliance on advanced technological solutions, any lapses in cybersecurity protocols could have been exploited by the attackers.
