https://14.stf365.com ru https://14.stf365.com/wiki/oilandgas/oilstation/en/tpost/7dbck29xo1-shutdown-of-oil-pumping-station https://14.stf365.com/wiki/oilandgas/oilstation/en/tpost/7dbck29xo1-shutdown-of-oil-pumping-station?amp=true Mon, 25 Nov 2024 00:30:00 +0300 Oil Pumping Station

Shutdown of oil pumping station

Event description

The Ministry of Energy of State F has announced the shutdown of an oil pumping station following a cyberattack. Press sources link the incident with a hacker group's attack on the intranet of one of Tube's operating units. The attackers managed to break into the oil pumping station's control system and shut down all the main pumps, as well as close the valves and cut off the main pipeline. F Oil Refinery, which receives crude oil from the station, has limited stocks of raw materials. If the attack impacts are not dealt with soon, the domestic market could suffer fuel shortages.

]]> https://14.stf365.com/wiki/oilandgas/dehydrator/en/tpost/n44n5pynr1-oil-treatment-stoppage-in-refinery-elect https://14.stf365.com/wiki/oilandgas/dehydrator/en/tpost/n44n5pynr1-oil-treatment-stoppage-in-refinery-elect?amp=true Mon, 25 Nov 2024 00:31:00 +0300 Oil Dehydrator System

Oil treatment stoppage in refinery electric dehydrator

Event description

Hackers infiltrated the refinery's internal network and gained access to the control system of the electric dehydrator. They cut the power to the electrodes inside it and halted the oil/water separation process every night for two weeks. The plant's management carried out a painstaking investigation of the incident, which led to downtime and losses.

]]> https://14.stf365.com/wiki/oilandgas/distillation/en/tpost/e73dhx0j01-stoppage-of-fuel-gas-supplies-to-refiner https://14.stf365.com/wiki/oilandgas/distillation/en/tpost/e73dhx0j01-stoppage-of-fuel-gas-supplies-to-refiner?amp=true Mon, 25 Nov 2024 00:32:00 +0300 Rectification Column

Stoppage of fuel gas supplies to refinery furnace

Event description

Production was abruptly halted at F Oil Refinery yesterday. Hackers managed to penetrate the enterprise's internal network and gain access to the control system of the tube furnace. They cut off the gas supply to the furnace, causing heating and rectification processes to stop.

]]> https://14.stf365.com/wiki/oilandgas/distillation/en/tpost/0pyalaafj1-flooding-of-refinery-rectification-colum https://14.stf365.com/wiki/oilandgas/distillation/en/tpost/0pyalaafj1-flooding-of-refinery-rectification-colum?amp=true Mon, 25 Nov 2024 00:32:00 +0300 Rectification Column

Flooding of refinery rectification column

Event description

Hackers attacked F Oil Refinery, owned by Tube. After gaining access to the enterprise's industrial control system, the attackers changed the settings of the rectification column, increasing the steam supply to the lower part of the column, which led to the formation of foam that prevented the liquid fractions from flowing down through the apertures in the plates. The column switched to flooding mode, filling up with oil and halting the separation of fractions. For several hours now, instead of the required gasoline, kerosene, and fuel oil, a substandard product has been coming out of the column.

]]> https://14.stf365.com/wiki/oilandgas/park/en/tpost/gzc8s652v1-tampering-of-oil-depot-data https://14.stf365.com/wiki/oilandgas/park/en/tpost/gzc8s652v1-tampering-of-oil-depot-data?amp=true Mon, 25 Nov 2024 00:33:00 +0300 Tank Farm

Tampering of oil depot data

Event description

During a routine inspection of Tube's oil storage facility, it was revealed that hackers had seemingly penetrated the company's system and spoofed the sensor readings three months prior to inspection. As a result, the facility was systematically underfilled by 20%. Despite this, the control panel continued to show that the tanks were 100% full. Over time, such inefficient use of storage capacity led to significant financial losses. Experts estimate the damage at nearly USD 2 million.

]]> https://14.stf365.com/wiki/oilandgas/hydrocracking/en/tpost/rb03adhor1-fire-at-oil-refinery-due-to-hydrocrackin https://14.stf365.com/wiki/oilandgas/hydrocracking/en/tpost/rb03adhor1-fire-at-oil-refinery-due-to-hydrocrackin?amp=true Mon, 25 Nov 2024 00:34:00 +0300 Hydrocracker

Fire at oil refinery due to hydrocracking reactor failure

Event description

Last night, residents near the Tube oil refinery woke up to a glowing sky and the sound of sirens. There was a fire in the hydrocracking unit designed to produce gasoline, jet fuel, and diesel fuel from the residual products of oil refining (petroleum residue, tar). The unit operates under the high pressure of hydrogen, up to 300 atm. The greater the pressure, the higher quality and more useful materials are produced. In the hydrocracking unit, a great amount of heat is released as hydrogen saturates the molecules formed during cracking. To equalize the temperature, cold hydrogen-containing gas is pumped into the reactor. However, last night the flow of cooling gas was deliberately reduced. "At 1:34 a.m., rescuers were informed that the installation filter had depressurized. The reactor overheated and hydrogen leaked. When mixed with the air, an explosive gas was formed and ignited," the company's press release explains. The fire has been extinguished, work is currently underway to cool and protect the damaged facilities, and a special task team has been formed to handle the aftermath. An excess of the maximum permissible concentration of hazardous substances in the air was recorded near the Tube terminal. The operation of the hydrocracking unit, hydrogen production unit, and sulfur production unit are temporarily suspended. The overall operation of the refinery has not been disrupted. Tube shareholders are seriously concerned about the damage to expensive production facilities.

]]> https://14.stf365.com/wiki/oilandgas/hydrocracking/en/tpost/564rcinnl1-tampering-of-hydrocracking-reactor-data https://14.stf365.com/wiki/oilandgas/hydrocracking/en/tpost/564rcinnl1-tampering-of-hydrocracking-reactor-data?amp=true Mon, 25 Nov 2024 00:35:00 +0300 Hydrocracker

Tampering of hydrocracking reactor data

Event description

At the Tube oil refinery, attackers hacked an automated control system and maniuplated the operating parameters of the hydrocracking unit (designed to produce gasoline, jet fuel, and diesel fuel from the residual products of oil refining, including petroleum residue and tar). Operators received incorrect data about the reaction temperature and pressure in the reactor. This led to incorrect process adjustments that altered the conversion level and damaged product quality. The security service is investigating the incident, and the enterprise is calculating its losses from the incident.

]]> https://14.stf365.com/wiki/oilandgas/paints-factory/en/tpost/6lb9fuoez1-change-of-paint-mixing-ratios-at-paint-a https://14.stf365.com/wiki/oilandgas/paints-factory/en/tpost/6lb9fuoez1-change-of-paint-mixing-ratios-at-paint-a?amp=true Mon, 25 Nov 2024 00:36:00 +0300 Paint Factory

Change of paint mixing ratios at paint and varnish factory

Event description

The Tube company has invested in the newly opened KoleroFF paint and varnish factory. However, the factory is already suffering losses as consumers are returning defective products from the latest batch. The reason behind this is a cyberattack in which the perpetrators altered the paint mixing ratios, meaning some of the products turned out to be the wrong shades. The company's security department is investigating the incident.

]]> https://14.stf365.com/wiki/oilandgas/paints-factory/en/tpost/lpj4pikk81-conveyor-shutdown-and-paint-spill-at-pai https://14.stf365.com/wiki/oilandgas/paints-factory/en/tpost/lpj4pikk81-conveyor-shutdown-and-paint-spill-at-pai?amp=true Mon, 25 Nov 2024 00:37:00 +0300 Paint Factory

Conveyor shutdown and paint spill at paint and varnish factory

Event description

The management of the paint and varnish factory was forced to halt the operations in one of the workshops due to a cyberattack. The conveyor belt's speed was disrupted, resulting in a product spill, with the belt covered in paint. The factory workers now have to disassemble the unit and replace the sensors and most of the moving parts. Having invested over 10 million rubles in the equipment, the factory management is very concerned about the fact that it's out of commission. The security department is already investigating the incident.

]]> https://14.stf365.com/wiki/oilandgas/tire/en/tpost/zdiurzkh41-tire-factory-shutdown https://14.stf365.com/wiki/oilandgas/tire/en/tpost/zdiurzkh41-tire-factory-shutdown?amp=true Mon, 25 Nov 2024 00:37:00 +0300 Tire Factory

Tire factory shutdown

Event description

Tube, a major oil and gas company, decided to invest a significant portion of its funds into the production of high-quality car tires. This new direction turned out to be incredibly successful, and the company quickly became known as a reliable manufacturer. Sales soared, and the profits increased with every quarter, but a sophisticated cyberattack interfered with Tube's plans for the future. A hacker group that is allegedly associated with a rival company accessed the process control system and altered the rubber compound formula. It took a while for the employees to notice the discrepancy in quality, and about 100,000 defective tires made it to the stores. Complaints from the customers began pouring in a week after the breach: drivers left negative reviews, reporting rapid tire wear. The factory had to recall the entire batch of tires and refund the affected customers. We're not just talking about millions in losses; the situation may cost the company a significant number of loyal customers and a drop in stock prices. For now, it's still unknown how long it will take Tube to restore its reputation.

]]> https://14.stf365.com/wiki/oilandgas/tanker/en/tpost/osrzyzdvb1-rerouting-of-autonomous-cargo-ship https://14.stf365.com/wiki/oilandgas/tanker/en/tpost/osrzyzdvb1-rerouting-of-autonomous-cargo-ship?amp=true Mon, 25 Nov 2024 00:38:00 +0300 Oil Tanker

Rerouting of autonomous cargo ship

Event description

For a week now, the front pages of State F's newspapers have been buzzing with headlines about an environmental disaster: an oil tanker belonging to Tube collided with a reef, causing a massive oil spill in the sea. The incident occurred at night when visibility was limited: the ship's captain failed to spot the danger in time. An investigation revealed that the tanker should not have been in that area at all (instead, it was supposed to take a predefined route, designed with all the necessary factors taken into account). According to experts, the ship was targeted by a cyberattack: the perpetrators gained access to the logistics system and exploited a vulnerability that allowed them to replace the safe, preplanned route with their own route. While the attackers' exact motives remain unclear, the impact is devastating. As a result of the incident, about 5 million barrels of crude oil have spilled into the sea, with the slick now stretching over 2,000 kilometers of coastline. This puts local fishing grounds and marine flora and fauna at risk. Tube is facing huge financial losses, as cleaning up a spill like that is a long and costly process.

]]> https://14.stf365.com/wiki/oilandgas/center/en/tpost/7f5oc1vsl1-operator-credential-theft https://14.stf365.com/wiki/oilandgas/center/en/tpost/7f5oc1vsl1-operator-credential-theft?amp=true Mon, 25 Nov 2024 00:39:00 +0300 Operator Center

Operator credential theft

Event description

Representatives of the Tube oil and gas company reported that the enterprise had been experiencing anomalous disruptions in process flows for two weeks. An investigation showed that Tube faced a sophisticated, multi-stage cyberattack. About six months ago, malware disguised as a legitimate system application infiltrated the computers of ICS operators. The malware, acting like a keylogger, had been stealthily recording every keystroke the entire time (including the instances when operators would enter their credentials). But the story doesn't end there. About two weeks ago, an unknown hacker group launched an attack on the company. Once they infiltrated the infrastructure, the attackers stumbled upon a pleasant surprise: Tube's computers were already infected! All the hackers had to do was extract the accumulated information and use the operator's credentials to access the company's critical systems. By manipulating equipment parameters, the attackers nearly caused a major accident. Fortunately, Tube specialists spotted the trouble just in time to prevent a disaster. However, it's still unclear whether any confidential data has been leaked.

]]> https://14.stf365.com/wiki/oilandgas/hotel/en/tpost/1c2dr2uv61-tampering-of-parking-lot-camera-data https://14.stf365.com/wiki/oilandgas/hotel/en/tpost/1c2dr2uv61-tampering-of-parking-lot-camera-data?amp=true Mon, 25 Nov 2024 00:39:00 +0300 Hotel

Tampering of parking lot camera data

Event description

To forge new economic ties and establish technical cooperation with various enterprises, Tube hosted an industrial energy forum. Before the forum, a section of the parking lot was allocated for speakers and honored guests, and their license plates were entered into the database. However, on the first day of the forum, an unknown hacker group attacked the Netris iStream ITX video recording system and replaced the data stream from IP cameras. As a result, the license plate recognition system couldn't identify attendee cars correctly and the automatic barrier would not open. Soon, a traffic jam formed at the parking lot entrance. The cyberattack caused speakers to be late and multiple presentations to be canceled. Important guests were dissatisfied, and Tube's reputation suffered serious damage.

]]> https://14.stf365.com/wiki/oilandgas/hotel/en/tpost/b3ilkymxd1-escalation-of-privileges-in-video-record https://14.stf365.com/wiki/oilandgas/hotel/en/tpost/b3ilkymxd1-escalation-of-privileges-in-video-record?amp=true Mon, 25 Nov 2024 00:40:00 +0300 Hotel

Escalation of privileges in video recording system

Event description

Unknown intruders drove into the secured area of the Tube oil and gas company, gaining physical access to industrial facilities. The news gave rise to speculation about how they could get past the checkpoint protecting the state-critical infrastructure. It turned out that the intruders were working together with the hackers who breached the Netris iStream ITX video recording system and elevated their privileges to the administrator level. This allowed them to completely control the entry and exit of vehicles on the Tube premises without raising any suspicion.

]]> https://14.stf365.com/wiki/oilandgas/hotel/en/tpost/fsbxovkxs1-fake-parking-permits https://14.stf365.com/wiki/oilandgas/hotel/en/tpost/fsbxovkxs1-fake-parking-permits?amp=true Mon, 25 Nov 2024 00:41:00 +0300 Hotel

Fake parking permits

Event description

Today marks Tube's anniversary. The top management decided to celebrate in style: they invited VIP clients and organized a concert featuring a pop star. For safety reasons, the company's parking lot was supposed to operate on a permit basis, requiring guests to register in advance. However, unknown hackers threw a wrench into those plans by breaking into the control system and manipulating it so that it would let any vehicle enter the parking lot. As a result, VIP guests who came by car for the concert couldn't find any available parking spots, despite having registered beforehand. The guests, who've been eagerly anticipating the event, are disgruntled. Some are venting on social media, saying they had to cancel important meetings just for the celebration. The company owners are also upset—they've lost their clients' trust and revenue due to someone else's mistake.

]]> https://14.stf365.com/wiki/oilandgas/hotel/en/tpost/3vocgmblf1-unauthorized-connection-to-live-streamed https://14.stf365.com/wiki/oilandgas/hotel/en/tpost/3vocgmblf1-unauthorized-connection-to-live-streamed?amp=true Mon, 25 Nov 2024 00:42:00 +0300 Hotel

Unauthorized connection to live-streamed conference meeting

Event description

Today, oil and gas industry workers were celebrating the national oil workers' day at the F Oil Refinery hotel complex. The event was hosted by Tube with great fanfare, with the president of the country's oil and gas union among the invited guests. For those who could not attend the celebration in person, a video conference call was set up. However, the festive atmosphere was soon disturbed by an unknown call participant. Someone using the nickname golden_chicken joined the Zoom live stream. Taking advantage of the screen sharing permission, the intruder hijacked control from the moderator and played a video calling for the abandonment of technology and a return to the ancestors' way of living. The intruder also obtained the mailing list; several people have received phishing emails from the "union president" suggesting that they click a link to "get a gift". Tube's management has already commented on the incident, saying that the breach was made possible by the critical vulnerabilities in an outdated Zoom version used for video calls. The software has already been updated, and the moderation process at meetings is being reviewed.

]]>