Cyber Incident Victim: Marquard & Bahls
Date:
Jan 2022
Location:
Germany
Summary
A cyberattack severely disrupted operations at Marquard & Bahls subsidiaries Oiltanking and Mabanaft, critical German fuel distribution firms supplying numerous companies including Shell. The incident paralyzed automated tank loading systems, forcing reliance on alternative charging points due to the inability to revert to manual processes. While officials assured no immediate fuel shortages, prolonged IT disruptions risked broader supply chain impacts across transportation and heating sectors. The attack occurred amid heightened warnings from German intelligence regarding state-sponsored cyber threats, though no specific actor was attributed. Operational paralysis across Oiltanking's 13 tank farms significantly hindered fuel delivery capabilities, highlighting vulnerabilities in industrial automation infrastructure.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 3 motives | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On or around January 29, 2022, a cyberattack severely disrupted operations at Oiltanking GmbH, a German fuel distributor and subsidiary of Marquard & Bahls. The incident also impacted Mabanaft GmbH, another Marquard & Bahls subsidiary involved in oil supply. The attack paralyzed Oiltanking’s automated tank loading and unloading systems, which were entirely dependent on computerized processes with no manual fallback option. This forced the company’s 13 German tank farms to suspend normal truck servicing operations. Oiltanking supplied 26 companies across Germany, including Shell’s network of 1,955 gas stations, prompting immediate media concerns about nationwide fuel shortages. German officials, including Frank Shaper of the tank storage association, publicly stated the attack did not yet endanger fuel supplies for transportation or heating, though they acknowledged significant operational disruption. The company implemented workarounds using alternative charging points while attempting to restore systems.
The cyberattack’s technical impact prevented standard fuel distribution workflows, creating potential supply chain risks if IT systems remained offline for an extended period. Oiltanking and Mabanaft issued formal statements confirming the operational paralysis but did not disclose specific technical details about the attack vector or compromised infrastructure. The incident occurred shortly after Germany’s Federal Intelligence Service (BfV) warned companies about ongoing cyber operations by APT27, a Chinese state-sponsored hacking group. While no attribution was officially made for the Marquard & Bahls subsidiaries’ breach, analysts noted the possibility of state actor involvement given the scale of disruption and strategic targeting of energy infrastructure. No ransomware claims or data exfiltration evidence was publicly reported during the initial response phase.