Cyber Incident Victim: Sea-Invest
Date: Jan 2022
Location: Belgium
Summary
A major global terminal operator experienced a ransomware attack disrupting operations across multiple international terminals, though its dry bulk division remained unaffected. The liquid bulk operations resumed within days, while container and fruit-handling activities faced prolonged delays. Security firm Secutec assisted in isolating the malware, leveraging intact backups to rebuild systems with a team of 40 experts working continuously. Investigators attributed the incident to a sophisticated ransomware group, with European authorities examining potential links to BlackCat and Conti actors but finding no evidence of coordination with concurrent attacks on oil infrastructure in neighboring countries. The company confirmed no communication with the attackers, and law enforcement including Belgium's Federal Computer Crime Unit joined the investigation.
Description
On the night of Sunday, January 30, 2022, hackers successfully crippled the core network of Sea-Invest, a major global terminal operator specializing in dry bulk, liquid bulk, container handling, and fruit logistics across 25 ports in eight European and African countries. The ransomware attack forced activities at multiple international terminals to a standstill, though the dry bulk division continued operations uninterrupted. Sea-Invest immediately engaged cybersecurity firm Secutec to assist with containment and recovery efforts. Rapid detection allowed the company to isolate the malware and implement protective measures to shield customers and suppliers from collateral damage. By Wednesday evening, Sea-Invest restored operations for its liquid bulk division (Sea-Tank), but container and fruit-handling activities remained disrupted. Secutec characterized the attack as involving "powerful ransomware from a large hacker group" but confirmed backup systems remained intact, enabling network reconstruction using existing components. A team of 40 IT experts worked 24/7 to restore full functionality across all divisions, with a focus on reviving container and fruit operations in subsequent days and weeks.

The incident prompted involvement from Belgium’s Federal Computer Crime Unit due to its international scope, though investigators found no evidence of communication between Sea-Invest and the attackers. Concurrently, European cybersecurity agencies investigated similar attacks on oil and chemical sector organizations in Belgium, the Netherlands, and Germany, including disruptions at German firms Oiltanking GmbH and Mabanaft GmbH that forced Shell to reroute oil supplies. Officials from the Centre for Cyber Security Belgium and the Dutch National Cyber Security Center stated no technical evidence linked these incidents, attributing them instead to separate criminal ransomware groups like BlackCat and Conti rather than coordinated or nation-state activity. Sea-Invest’s global operations—which employ 5,500 workers and handled over 150 million tons of goods in the prior year—faced significant logistical challenges during the recovery phase, though critical bulk divisions regained functionality within days while other services required extended remediation.
