Halliburton probes ‘an issue’ disrupting business ops

Updated American oil giant Halliburton is investigating an “issue,” reportedly a cyberattack, that has disrupted some business operations and global networks.

While the energy giant declined to call it a cyberattack, a Halliburton spokesperson told The Register that it was working to address the problem.

“We are aware of an issue affecting certain company systems and are working diligently to assess the cause and potential impact,” a Halliburton spokesperson said in an emailed statement. “We have activated our preplanned response plan and are working internally, and with leading external experts, to remediate the issue.”

A person familiar with the disruption, however, told Reuters that the world’s second-largest oil service was undergoing a cyberattack, and said that the digital intrusion affected business operations at Halliburton’s north Houston campus, along with some of its global connectivity networks.

According to some reports on social media, the payroll database along with employees’ devices were compromised.

The Halliburton spokesperson declined to answer The Register‘s specific questions about the incident, including if it was a ransomware infection.

Criminals are increasingly targeting critical infrastructure sectors, including energy, with extortion attacks, according to law enforcement. Last year, the FBI received 1,193 complaints from organizations belonging to a critical infrastructure sector that were affected by a ransomware attack, up 37 percent from 870 in 2022. 

And of the 395 ransomware attacks claimed by criminals last month, over a third (125 or 34 percent) targeted critical industrial organizations, according to a report published today by NCC Group. ®

Updated at 1430 UTC on August 23

Halliburton on Friday confirmed the “issue” disrupting its business operations and networks is, in fact, a cyberattack.

In an August 23 filing with the US Securities and Exchange Commission, the SEC, the oil giant said it became aware that an unauthorized third party broke into its computer systems on August 21.

“When the company learned of the issue, the company activated its cybersecurity response plan and launched an investigation internally with the support of external advisors to assess and remediate the unauthorized activity,” according to Halliburton’s 8-K filing to the SEC.

These response efforts include taking certain systems offline and alerting law enforcement. Halliburton is also notifying customers and other stakeholders about the breach. 

“The company’s ongoing investigation and response include restoration of its systems and assessment of materiality,” the filing added.

A Halliburton spokesperson declined to answer The Register‘s questions about the digital break-in, including if the attack was a ransomware infection.

READ MORE HERE