Halliburton confirms cyber incident in SEC filing | CyberScoop<\/title> <meta name=\"description\" content=\"Some company systems were \u201cproactively\u201d taken offline as part of the response, company says.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/halliburton-cyberattack-sec-filing\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Halliburton confirms cyber incident in SEC filing \"> <meta property=\"og:description\" content=\"Some company systems were \u201cproactively\u201d taken offline as part of the response, company says.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/halliburton-cyberattack-sec-filing\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:published_time\" content=\"2024-08-23T14:31:18+00:00\"> <meta property=\"article:modified_time\" content=\"2024-08-23T14:31:19+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/halliburton-confirms-cyber-incident-in-sec-filing-1.jpg\"> <meta property=\"og:image:width\" content=\"1024\"> <meta property=\"og:image:height\" content=\"683\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"AJ Vicens\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@AJVicens\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1721926675g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1723570311g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1724269863g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=ada0ad45b21fc79c6694\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/81486\"><link rel=\"EditURI\" type=\"application\/rsd+xml\" title=\"RSD\" href=\"https:\/\/cyberscoop.com\/xmlrpc.php?rsd\">\n<meta name=\"generator\" content=\"WordPress 6.6.1\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=81486\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fhalliburton-cyberattack-sec-filing%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fhalliburton-cyberattack-sec-filing%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"post-template-default single single-post postid-81486 single-format-standard\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/halliburton-cyberattack-sec-filing\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--event js-stickybar\">\n<div class=\"stickybar__details\" readability=\"4.952380952381\">\n<div class=\"stickybar__info js-sticky-bar-content\" readability=\"32\">\n<p>Voting is open for the 2024 CyberScoop 50 awards! <\/p>\n<\/div>\n<p> <a class=\"stickybar__link button button-tertiary\" href=\"https:\/\/cyberscoop.com\/cyberscoop50\/vote\/\">Click here!<\/a> <\/div>\n<p> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"23.669139465875\">\n<div class=\"single-article__header-content\" readability=\"28.171428571429\">\n<ul class=\"single-article__eyebrow\">\n<li class=\"single-article__category\"> <a class=\"single-article__category-link\" href=\"https:\/\/cyberscoop.com\/news\/threats\/cybercrime\/\"> <span>Cybercrime<\/span> <\/a> <\/li>\n<\/ul>\n<p> Some company systems were \u201cproactively\u201d taken offline as part of the response, company says. <\/p>\n<\/p><\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"427\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/halliburton-confirms-cyber-incident-in-sec-filing.jpg?resize=640%2C427&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/halliburton-confirms-cyber-incident-in-sec-filing-1.jpg 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/halliburton-confirms-cyber-incident-in-sec-filing-1.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/halliburton-confirms-cyber-incident-in-sec-filing-1.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/halliburton-confirms-cyber-incident-in-sec-filing-1.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/halliburton-confirms-cyber-incident-in-sec-filing-1.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/halliburton-confirms-cyber-incident-in-sec-filing-1.jpg?resize=505,337 505w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/08\/halliburton-confirms-cyber-incident-in-sec-filing-1.jpg?resize=1012,675 1012w\" sizes=\"(max-width: 1012px) 100vw, 1012px\"><figcaption> An entrance sign stands near Halliburton Headquarters on June 15, 2024 in Houston, Texas. (Photo by Brandon Bell\/Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"34.708158116064\"><body readability=\"70.04265129683\"><\/p>\n<p>U.S. energy services titan Halliburton proactively took certain systems offline \u201cto help protect them\u201d after a cyberattack this week, the company said Friday in a filing with federal regulators.<\/p>\n<p>The company learned Wednesday that \u201can unauthorized third party gained access to certain parts of its systems\u201d and that it was working with external advisers to assess and remediate the situation, the company said in <a href=\"https:\/\/www.sec.gov\/Archives\/edgar\/data\/45012\/000004501224000049\/hal-20240821.htm\">a Securities and Exchange Commission filing<\/a>. \u201cThe Company\u2019s response efforts included proactively taking certain systems offline to help protect them and notifying law enforcement. The Company\u2019s ongoing investigation and response include restoration of its systems and assessment of materiality.\u201d<\/p>\n<p>A Halliburton spokesperson told CyberScoop late Wednesday that the company was \u201caware of an issue affecting certain company systems\u201d and that it was working to understand the cause and potential impact.<\/p>\n<p>Reuters was the <a href=\"https:\/\/finance.yahoo.com\/news\/top-us-oilfield-firm-halliburton-195505889.html\">first to report the attack Wednesday evening<\/a>, citing sources familiar with the matter. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The FBI declined to comment. The Cybersecurity and Infrastructure Security Agency referred questions to Halliburton.<\/p>\n<p>A Department of Energy spokesperson said Thursday that the agency is \u201caware of reports of a cyber incident impacting an energy services company; however, the exact nature of the incident is unknown at this time.\u201d There are so far no indications that the incident is impacting energy services, the spokesperson said.<\/p>\n<p>The attack on Halliburton is the latest in a string of high-profile cyber incidents involving major companies, including <a href=\"https:\/\/cyberscoop.com\/tag\/cdk-global\/\">CDK Global<\/a>, <a href=\"https:\/\/cyberscoop.com\/tag\/ticketmaster\/\">Ticketmaster<\/a>, Clorox, <a href=\"https:\/\/cyberscoop.com\/com-scattered-spider-tradecraft\/\">MGM Resorts<\/a> and <a href=\"https:\/\/cyberscoop.com\/tag\/caesars\/\">Caesars Entertainment<\/a>.<\/p>\n<p>A survey <a href=\"https:\/\/cyberscoop.com\/ransomware-energy-oil-gas-report\/\">conducted in early 2024 by the cybersecurity firm Sophos<\/a> found that although ransomware attack rates broadly may be falling, recovery times for energy, oil and natural gas and utilities <a href=\"https:\/\/cyberscoop.com\/ransomware-energy-oil-gas-report\/\">have been steadily increasing<\/a> since at least 2022.<\/p>\n<p>The incident is reminiscent of the May 2021 ransomware attack <a href=\"https:\/\/cyberscoop.com\/tag\/colonial-pipeline\/\">against Colonial Pipeline<\/a>, which halted fuel sales along the East Coast. The ransomware attack by the Dark Matter variant did not hit OT networks, but the company took down their systems out of an abundance of caution.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Halliburton is one of the biggest oil service companies in the world, employing just under 50,000 people globally in more than 70 countries. The company is involved in almost the entire petroleum and natural gas supply chain, such as the maintenance of oil wells. In the second quarter of 2024, Halliburton generated around $5.8 billion in total company revenue, according <a href=\"https:\/\/ir.halliburton.com\/static-files\/39338f9a-0736-40ba-8b17-9a8fcd24e499\">to recent SEC filings<\/a>.<\/p>\n<p>Marco Ayala, president of InfraGard Houston Members Alliance, said critical infrastructure owners and operators should prepare for when an incident occurs, which seems to have been the case with Halliburton. Ayala, who has decades of experience in the oil and gas sector, said the company appeared to have a \u201cresponse plan and their teams are working diligently to isolate and remediate the incident.\u201d <\/p>\n<p>Ayala also stressed the importance of separating networks so cyberattacks on critical services will have a limiting impact.<\/p>\n<p>\u201cIt\u2019s crucial that the operational technology they provide \u2014 and that major oil and gas companies rely on \u2014 has true demarcation,\u201d Ayala said. \u201cKeeping enterprise IT and operational technology (OT) segmented and capable of quick demarcation is essential to minimize the spread and impact of such threats.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"0.61458333333333\">\n<div class=\"author-card\" readability=\"7\">\n<p><h4 class=\"author-card__name\">Written by AJ Vicens and Christian Vasquez<\/h4>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<p>  <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/halliburton-cyberattack-sec-filing\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Halliburton confirms cyber incident in SEC filing | CyberScoop Skip<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[413,282,2507,873,46],"tags":[415,286,2508,875,54],"class_list":["post-5000","post","type-post","status-publish","format-standard","hentry","category-critical-infrastructure","category-cybercrime","category-halliburton","category-ics","category-ransomware","tag-critical-infrastructure","tag-cybercrime","tag-halliburton","tag-ics","tag-ransomware"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/critical-infrastructure\/\" rel=\"category tag\">critical infrastructure<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/halliburton\/\" rel=\"category tag\">Halliburton<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ics\/\" rel=\"category tag\">ics<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/ransomware\/\" rel=\"category tag\">ransomware<\/a>","tag_info":"ransomware","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5000","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=5000"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/5000\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=5000"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=5000"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=5000"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":5000,"date":"2024-08-23T09:31:18","date_gmt":"2024-08-23T14:31:18","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=81486"},"modified":"2024-08-23T09:31:18","modified_gmt":"2024-08-23T14:31:18","slug":"halliburton-confirms-cyber-incident-in-sec-filing","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/08\/23\/halliburton-confirms-cyber-incident-in-sec-filing\/","title":{"rendered":"Halliburton confirms cyber incident in SEC filing\u00a0"},"content":{"rendered":"