Cyber Incident Victim: Mabanaft GmbH

A cyberattack targeting Oiltanking GmbH, a major German petrol distributor and subsidiary of the Marquard & Bahls group, severely disrupted operations on or around January 29, 2022. The incident also impacted Mabanaft GmbH, an affiliated oil supplier under the same parent company, suggesting a potential breach point at the corporate group level. The attack paralyzed Oiltanking’s automated tank loading and unloading systems, which relied entirely on computerized processes with no manual fallback option. This forced the company to halt operations at its 13 German tank farms, leaving them unable to serve fuel trucks. Oiltanking supplies 26 companies across Germany, including Shell’s network of 1,955 gas stations, raising immediate concerns about nationwide fuel shortages. German media reported fears of cascading effects on transportation and heating fuel availability, though officials later sought to downplay imminent supply risks.

In response, Oiltanking implemented contingency measures by redirecting operations to alternative charging points while working to restore its primary systems. The company issued a public statement acknowledging the attack’s operational impact but did not disclose technical details about the intrusion vector or affected infrastructure. Frank Shaper, managing director of Germany’s tank storage association, confirmed the incident posed no immediate threat to national fuel supplies but warned prolonged IT disruptions could strain supply chains. The German domestic intelligence service (BfV) had issued an alert one week prior about cyberattacks by the Chinese state-linked APT27 group, though no attribution was confirmed for this incident. Analysts noted the attack’s potential to cause large-scale economic disruption given Oiltanking’s critical role in fuel logistics, particularly through its Shell supply contract. Recovery efforts remained ongoing as of February 1, 2022, with no public timeline for full restoration of automated systems.