The US issues advisory on cybergang that supposedly hacked Halliburton oil company
The US government has issued a joint advisory warning of the ongoing activities of the RansomHub ransomware group, which is believed to be responsible for a recent cyberattack on the oil giant Halliburton.
The advisory, published by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), details the tactics, techniques, and procedures (TTPs) used by RansomHub in its attacks.
For its part, Halliburton has not confirmed that it was the target of a ransomware attack, but several reports, including one from reputable ransomware researcher Dominic Alvieri, have linked the incident to RansomHub. BleepingComputer also reported on Thursday that RansomHub is the likely culprit, based on indicators of compromise (IoCs) identified during the investigation.
A separate claim posted on Reddit said the hackers had stolen data and were demanding a $45 million ransom. Interestingly, the cybercrime group's leak website does not currently list Halliburton as a victim, which has led experts to speculate that negotiations may still be ongoing.
According to the advisory, RansomHub became active in February 2024 and has encrypted and exfiltrated data from at least 210 victims across various critical infrastructure sectors. These include water, IT, government services and facilities, healthcare, emergency services, financial services, food and agriculture, commercial facilities, critical manufacturing, communications, and transportation. However, the advisory does not specifically mention the energy sector, which includes oil companies.
The advisory lists indicators of compromise (IoCs) associated with RansomHub that businesses can use to detect and prevent intrusions.