Ransomware Attack on Carigali Hess by Hunters International Exposes Vulnerabilities
Incident Date: July 13, 2024
Overview
Victim: Carigali Hess Operating Company
Attacker: Hunters International
Location
First Reported: July 13, 2024
Ransomware Attack on Carigali Hess Operating Company by Hunters International
Overview of Carigali Hess Operating Company
Carigali Hess Operating Company (CHOC) is a joint venture between Petroliam Nasional Berhad (PETRONAS) and Hess Corporation. Based in Kuala Lumpur, Malaysia, CHOC specializes in the exploration, development, and production of oil and gas resources in the Malaysia-Thailand Joint Development Area (JDA). The company employs around 200 staff and is valued at approximately $200 million. CHOC is known for its advanced technological solutions and operational excellence, focusing on optimizing the recovery of hydrocarbons while adhering to stringent environmental regulations.
Details of the Ransomware Attack
The ransomware group Hunters International has claimed responsibility for a cyberattack on Carigali Hess Operating Company. The group publicly disclosed the attack on its dark web leak site, where it listed CHOC as a victim. This incident underscores the persistent cybersecurity threats faced by key players in the energy sector, particularly those operating in resource-rich regions like the JDA.
About Hunters International
Hunters International is a Ransomware-as-a-Service (RaaS) group that emerged in Q3 of 2023, following the disruption of the Hive ransomware group. The group exhibits significant technical overlap with Hive, suggesting that it is an evolution or offshoot of the dismantled operation. Hunters International focuses on exfiltrating data and extorting victims for ransom. The group has been detected targeting victims across various regions, including the US, UK, Germany, and Namibia.
Potential Vulnerabilities and Attack Penetration
While specific details of how Hunters International penetrated CHOC's systems are not publicly disclosed, the group's tactics often involve exploiting vulnerabilities in network security, conducting phishing attacks, and leveraging stolen credentials. Given CHOC's significant role in the energy sector and its reliance on advanced technological solutions, any lapses in cybersecurity protocols could have been exploited by the attackers.