Giant Shell Oil is Cyber Attacked | Was it truly a Ransomware hack, or a cloak behind a more sinister Geo-Poli-Cyber™ Motivation?

Oil and gas giant Shell has confirmed that it was the victim of a ransomware cyber attack. In addition, a growing number of businesses, universities and government agencies have been targeted in what is believed to be a global cyberattack which western governments and sources have attributed to Russian cybercriminals.

Shell is one of the victims of the recent large-scale ransomware campaign conducted by the Clop gang exploiting a MOVEit zero-day vulnerability.

While the scope of the attacks is not yet fully known, officials at the US Cybersecurity and Infrastructure Security Agency (CISA) said Thursday that “several federal agencies… have experienced intrusions” and suggested a number of businesses could be impacted as well.

“This has the markings of potentially being classified as a Geo-Poli-Cyber™ motivated attack despite it being, on face value, a financially motivated ransomware.”

MLi Group Senior Survivability & Security expert.

*MLi Group will soon publish more details on the nature of the cyber breach.

Separately, state agencies said late Thursday that millions of people in Louisiana and Oregon had their data compromised in a security breach. The states did not blame anyone in particular for the hack but federal officials have attributed a broader hacking campaign using the same software vulnerability to a Russian ransomware gang that calls itself Clop.

The company is investigating the security breach and said that at this time the attack had no impact on its core IT systems.

“We are aware of a cyber security incident that has impacted a third-party tool from Progress called MOVEit Transfer, which is used by a small number of Shell employees and customers,” said Shell US spokesperson Anna Arata in a statement. “There is no evidence of impact to Shell’s core IT systems,” Arata added. “Our IT teams are investigating to understand and manage any risks, and take appropriate action,” she said.

The Clop ransomware gang claims to have hacked hundreds of companies by exploiting the above issue.

“Nobody knows the full extent of this, and that’s the way these cyber compromises work,” said Robert Cattanach, a partner specializing in cybersecurity at the law firm Dorsey & Whitney and a former trial lawyer for the Department of Justice. “Once you’re compromised, there begins an arduous process of ‘how far in did they get in?’ and ‘what did they take?’ That’s typically weeks, and sometimes months.”

More to come. Register to stay up to date.





What Are Geo-Poli-Cyber™ Risks?

What Is Geo-Poli-Cyber™?

MLi Group created the terms Poli-Cyber™ and Geo-Poli-Cyber™ (GPC™) in 2012 and 2013 based on the philosophy that if you cannot identify and name the threat, you cannot mitigate that threat.

Geo-Poli-Cyber™ attacks are political, ideological, terrorist, extremist, ‘religious’, and/or geo-politically motivated.

More Sinister Than Financial Motivations

Geo-Poli-Cyber™ attacks are significantly different from financially motivated cyber-attacks in damage, scale, magnitude as well as in risk mitigation strategies and solutions.
