Ransomware Attack on Carigali Hess by Hunters International Exposes Vulnerabilities
Ransomware Attack on Carigali Hess Operating Company by Hunters International
Overview of Carigali Hess Operating Company
Carigali Hess Operating Company (CHOC) is a joint venture between Petroliam Nasional Berhad (PETRONAS) and Hess Corporation. Based in Kuala Lumpur, Malaysia, CHOC specializes in the exploration, development, and production of oil and gas resources in the Malaysia-Thailand Joint Development Area (JDA). The company employs around 200 staff and is valued at approximately $200 million. CHOC is known for its advanced technological solutions and operational excellence, focusing on optimizing the recovery of hydrocarbons while adhering to stringent environmental regulations.
Details of the Ransomware Attack
The ransomware group Hunters International has claimed responsibility for a cyberattack on Carigali Hess Operating Company. The attack was publicly disclosed on the group's dark web leak site, listing CHOC as a victim. This incident underscores the persistent cybersecurity threats faced by key players in the energy sector, particularly those operating in resource-rich regions like the JDA.
About Hunters International
Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, following the disruption of the Hive ransomware group. The group exhibits significant technical overlap with Hive, suggesting an evolution or offshoot of the dismantled operation. Hunters International focuses on exfiltrating data and extorting victims for ransom. The group has been detected targeting victims across various regions, including the US, UK, Germany, and Namibia.
Potential Vulnerabilities and Attack Penetration
While specific details of how Hunters International penetrated CHOC's systems are not publicly disclosed, the group's tactics often involve exploiting vulnerabilities in network security, phishing attacks, and leveraging stolen credentials. Given CHOC's significant role in the energy sector and its reliance on advanced technological solutions, any lapses in cybersecurity protocols could have been exploited by the attackers.
Sources
See Halcyon in action
Interested in getting a demo?
Fill out the form to meet with a Halcyon Anti-Ransomware Expert!