Cyber Incident Victim: Oiltanking GmbH
Date:
Jan 2022
Location:
Germany
Summary
A cyberattack severely disrupted operations at a major German petrol distributor and its affiliated oil supplier, both subsidiaries of a larger corporate group. The incident paralyzed automated fuel loading/unloading systems at 13 tank farms, forcing reliance on alternative charging points for truck servicing. While officials assured no immediate fuel supply shortages for transportation or heating, prolonged IT system outages risked broader supply chain impacts due to the critical infrastructure's full automation dependency. The attack occurred amid government warnings of state-sponsored cyber threats targeting German entities, though no specific attribution was confirmed for this incident.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around January 29, 2022, a cyberattack targeted Oiltanking GmbH, a major German petroleum, oil, and lubricants logistics firm, severely disrupting its operational capabilities. The attack also impacted Mabanaft GmbH, an oil trading and logistics company, with both entities operating as subsidiaries of the Marquard & Bahls energy conglomerate. The incident paralyzed Oiltanking’s automated tank loading and unloading systems, which were rendered inoperable due to the compromise of critical IT infrastructure. This forced the company to halt normal operations at its 13 German tank farms, preventing the servicing of fuel trucks through standard channels. Oiltanking’s role as a supplier to 26 companies, including Shell’s network of 1,955 German gas stations, raised immediate concerns about nationwide fuel shortages. German authorities, including Frank Schaper of the independent tank storage association, publicly asserted the attack did not pose an immediate threat to heating oil or transportation fuel supplies, seeking to mitigate public alarm.
The operational disruption necessitated the implementation of alternative charging points to maintain limited fuel distribution while recovery efforts continued. The inability to revert to manual processes underscored the company’s dependence on computerized systems for core logistics functions. Shell’s reliance on Oiltanking highlighted the potential for cascading economic impacts across Germany’s transportation and commercial sectors had the outage persisted. Although no threat actor was officially attributed, the incident occurred amid warnings from Germany’s Federal Office for the Protection of the Constitution (BfV) about cyberespionage campaigns by APT27, a Chinese state-aligned hacking group. The prolonged IT system outages posed risks of secondary supply chain interruptions, contingent on the duration of recovery efforts. Oiltanking and Mabanaft did not disclose technical specifics of the attack or remediation timelines beyond confirming operational workarounds were in place.