Cyber Incident Victim: CSE Mecanica e Instrumentação SA
Date:
Feb 2023
Location:
Brazil
Summary
Aker Solutions' Brazilian subsidiary, CSE, experienced a cyber attack compromising its IT systems, with attackers encrypting files and blocking data access. The parent company initiated containment efforts, including temporarily shutting down most of the subsidiary's IT infrastructure, and engaged external experts and local authorities to resolve the incident. There were no indications of the attack spreading beyond CSE's systems. The subsidiary, specializing in offshore oil and gas maintenance services with approximately 100 employees, faced operational disruptions, though the broader organization worked to minimize impacts on stakeholders.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On February 14, 2023, Aker Solutions disclosed a cyber attack targeting IT systems at its Brazilian subsidiary, CSE Mecanica e Instrumentação SA (CSE). The attackers infiltrated CSE’s network, encrypted digital files, and locked access to data, effectively disrupting operational systems. Upon detection, Aker Solutions initiated containment measures, including the temporary shutdown of most IT infrastructure supporting CSE’s business operations. The parent company mobilized its global IT team alongside external cybersecurity experts to neutralize the attack and assess the breach’s scope. Aker Solutions confirmed the intrusion was isolated to CSE, with no evidence of propagation to other corporate entities or wider IT environments. Brazilian authorities were notified as part of the incident response protocol. CSE, a fully owned subsidiary providing maintenance and modification services to offshore oil and gas installations in Brazil, employs approximately 100 personnel whose workflows were immediately interrupted by the system outages. The attackers’ encryption of files directly impaired data accessibility, though the specific systems compromised were not detailed beyond general IT infrastructure references.
Aker Solutions prioritized minimizing operational downtime and mitigating stakeholder impacts, though service delivery timelines for CSE’s oil and gas clients were presumably affected by the IT disruptions. The company did not disclose whether customer data was exfiltrated or solely encrypted, nor did it identify the threat actors or their motives. Recovery efforts focused on restoring encrypted data and system functionality, with no mention of ransom negotiations or payments. Business continuity measures included maintaining manual or alternative processes during the IT outage, though the duration of disruptions remained unreported. Communication channels with employees, customers, and partners were activated to provide updates, emphasizing containment and remediation progress. The incident’s financial, reputational, or contractual consequences were not quantified, but the strategic shutdown of CSE’s IT assets reflected a deliberate trade-off between operational pause and risk containment. Aker Solutions reiterated its commitment to limiting cascading effects while resolving the incident through coordinated technical and external partnerships, with no subsequent disclosures on final resolution timelines or forensic findings.