AlphV ransomware group targets Trans-Northern Pipeline, exposing data. Impact on operations minimal, investigation ongoing. (Getty Images)
The AlphV ransomware group has allegedly targeted Trans-Northern Pipeline, a significant oil transmission operator in Canada, responsible for managing pipelines across three provinces. The news of this cyber incident was brought to light by Brett Callow, a threat researcher at Emsisoft, who disclosed the information via a tweet on a popular social media platform.
According to the claims made by the AlphV gang, they have obtained approximately 190 gigabytes of data from Trans-Northern, which they assert is now accessible to the public. In response to inquiries regarding the incident, Trans-Northern released a statement acknowledging a cybersecurity breach that occurred in November 2023, affecting a limited number of internal computer systems. The company assured that they swiftly engaged third-party cybersecurity experts to contain the situation, emphasizing that their pipeline operations remained unaffected by any unusual disruptions.
Lisa Dornan, the communications team leader at Trans-Northern, stated that there were no reported interruptions to the pipeline operations that deviated from the normal course of business. However, the company refrained from providing specific details regarding the extent of data stolen, encrypted, or whether any sensitive information pertaining to employees or customers was compromised.
In an update, a representative from the Alberta Energy Regulator confirmed awareness of the November cyberattack on Trans-Northern but did not specify the exact timing of their notification.
Trans-Northern manages two primary pipelines: one transporting oil between Calgary and Edmonton, and another spanning from Nanticoke, Ontario, through Toronto to Montreal.
Additionally, the AlphV ransomware group implicated The Source, a Canadian electronics retailer owned by BCE, the parent company of Bell Canada, as another victim of their cyber activities.
AlphV, also known as BlackCat, has garnered attention from government authorities due to its persistent cyber operations. In December of a previous year, the U.S. Justice Department announced the disruption of the group's activities, aided by the distribution of a decryption tool to over 500 affected organizations. Furthermore, the U.S. government seized control of several websites associated with the gang.
There is a debate among cybersecurity experts regarding the targeting of ransomware victims, with some attributing attacks to application vulnerabilities or exploitation of stolen credentials. AlphV operates on a ransomware-as-a-service model, collaborating with affiliates who specialize in infiltrating corporate networks.
Critical infrastructure entities such as pipelines present attractive targets for extortion, as demonstrated by the ransomware attack on the U.S. Colonial Pipeline in 2021. The incident forced the company to halt operations temporarily, causing disruptions in fuel supply and distribution along the eastern coast. Colonial's experience highlighted the risks associated with cyber threats to essential infrastructure, prompting increased scrutiny and intervention from government agencies.
During a Congressional hearing, the CEO of Colonial Pipeline revealed that hackers gained access to their systems by exploiting a single password associated with a legacy Virtual Private Network (VPN) lacking multifactor authentication measures.
