Evos

Evos operates oil terminals in the Netherlands, Belgium, and Malta, providing critical infrastructure for the storage and handling of petroleum products. The company's facilities are integral to the logistics chain, enabling the loading and unloading of oil tankers and supporting the subsequent distribution of fuel to retail networks. Its operational footprint spans multiple European countries, positioning it within the essential energy supply sector. The nature of its business involves managing physical infrastructure where large volumes of hazardous materials are transferred, making security and continuity paramount. As a terminal operator, Evos serves as a key node between maritime import/export and inland fuel distribution systems. The company's services directly impact the availability of refined products for consumers and industries across its operational regions. Its terminals function under strict safety and environmental regulations due to the volatile commodities handled. The core business model revolves around providing berthing, storage tanks, and pipeline connections for oil traders and refiners. This role places Evos within the critical infrastructure category, where operational disruptions can have cascading effects on regional fuel supply chains. The company's activities are therefore subject to heightened scrutiny regarding resilience against physical and cyber threats.

In late January 2022, Evos experienced a significant cyber attack that targeted its terminal operations across the three countries where it operates. The incident caused measurable operational disruptions, specifically slowdowns in the loading and unloading processes for oil tankers. These delays at Evos facilities, combined with similar concurrent attacks on other companies' terminals in Europe and Africa, collectively strained fuel distribution networks by postponing oil deliveries to downstream retail sources. Cybersecurity authorities investigating the incident indicated a likely criminal motive, though public speculation also considered possible connections to broader geopolitical tensions. The specific attack methods employed were never officially confirmed, though unverified reports from the period suggested the possible involvement of ransomware strains such as BlackCat or Conti. This event underscored the persistent vulnerability of critical energy infrastructure to cyber threats, particularly from sophisticated ransomware groups. The attacks on Evos and its peers demonstrated how targeting operational technology at terminal facilities could directly interrupt physical supply chains. The incident served as a notable case study in the evolving threat landscape where cyber activity can cause tangible real-world disruptions to essential services. No definitive evidence was ever published establishing a coordinated link between the various terminal attacks, leaving the full scope of the campaign unclear. The event highlighted the need for robust cyber defenses in the operational technology environments of critical infrastructure operators like Evos.