Halliburton has reported that hackers have accessed and removed data from its systems in a cyberattack that occurred last month. In a filing with the US Securities and Exchange Commission (SEC), the American oilfield services provider confirmed the data theft but stated that the breach is not expected to have a material impact on its financial condition or operations. The company is currently assessing the full scope of the compromised data.
The breach, detected on 21 August 2024, led Halliburton to activate its cybersecurity response plan, take certain systems offline to protect them, and notify law enforcement. An ongoing internal investigation, with support from external cybersecurity advisors, aims to restore affected systems and determine the nature of the stolen data.
Halliburton stated that it has been in communication with customers and stakeholders regarding the incident and is following its established safety standards to ensure ongoing operations.
Full Halliburton hack impact unknown at this stage
While Halliburton continues to provide its services globally, the attack has caused disruptions and limited access to some business applications crucial for its operations and corporate functions. The breach significantly impacted operations at its North Houston campus and affected several global connectivity networks. The company said that it is collaborating with law enforcement and cybersecurity experts to investigate and recover from the incident.
“The Company has incurred, and may continue to incur, certain expenses related to its response to this incident,” said Halliburton. “As of the date of this Current Report on Form 8-K, the Company believes that the incident has not had, and is not reasonably likely to have, a material impact on the Company’s financial condition or results of operations.
“The Company remains subject to various risks due to the incident, including the adequacy of processes during the period of disruption, diversion of management’s attention, potential litigation, changes in customer behaviour, and regulatory scrutiny.”
RansomHub involvement suspected
Though the specifics of the attack are still under investigation, there are signs that the RansomHub ransomware gang may be involved. Known for its double-extortion tactics, in which it encrypts data and threatens to release it unless a ransom is paid, RansomHub has been linked to multiple ransomware attacks since early 2024.
The group’s involvement in the Halliburton incident is suspected based on indicators of compromise and other technical evidence observed during the investigation.
The US Federal Bureau of Investigation (FBI) recently reported that RansomHub has compromised over 200 victims since February 2024. Previously known as Cyclops and Knight, this ransomware-as-a-service (RaaS) group targets critical sectors such as water, government, healthcare, and financial services.
An advisory from the Cybersecurity and Infrastructure Security Agency (CISA) and the FBI noted that RansomHub has attracted affiliates from other significant ransomware groups like LockBit and ALPHV.
Meanwhile, a report from cybersecurity firm KnowBe4 highlighted a 30% rise in cyberattacks on critical infrastructure in 2024, identifying the US power grid as particularly vulnerable, with weak points increasing by 60 per day.
Globally, weekly cyberattacks on utilities have quadrupled since 2020, with over 420 million attacks on critical infrastructure recorded between January 2023 and January 2024, averaging 13 attacks per second. This surge in cyber threats reflects the increasing challenges facing companies like Halliburton and the broader critical infrastructure sector.