Cyberattack causes chaos at key European oil terminals

Cyberattacks targeting oil loading facilities have spread to key terminals in the Amsterdam-Rotterdam-Antwerp (ARA) refining hub, having affected operations in Germany earlier in the week, several trading and industry sources said Feb. 3.

This is especially impacting the flow of oil products such as heating oil, diesel, jet fuel, gasoline and fuel oil in Antwerp, Hamburg, Amsterdam, Ghent and Terneuzen, with many cargoes and barges being diverted to other terminals in the region.

Sources said the attack was causing "massive issues" in Antwerp, where loading operations were affected across all products.

A total of 17 terminals (11 in Germany and six in ARA) have so far been affected, sources told S&P Global Platts.

Traders said the incident had resulted in many tankers being unable to load, as loading and unloading at the tank farms is largely an automated process.

"A lot of rerouting is happening, so not sure if congestion has built up, but it is not strange in ARA anyway. Though a lot of barges are already being rerouted," said a Europe-based shipbroker.

SEA-invest which operates many terminals in Belgium and the ARA hub confirmed in a statement that "several" of its terminals at "home and abroad were affected" by a cyberattack on Jan. 30.

One Antwerp-based trader said the situation was starting to improve slightly with some loadings resumed at one of Antwerp's terminals by the afternoon of Feb. 3, though the port was still congested, he added.

Limited capacity

Some German oil terminals and storage sites are continuing to operate at limited capacity following a Jan. 29 cyberattack targeting energy company Mabanaft Group and storage company Oiltanking Group, both said Feb. 1.

These incidents have affected the supply of some oil products in Germany, Europe's biggest oil consumer, especially in the key port of Hamburg.

Oiltanking Deutschland still has force majeure in place at its 11 German terminals while Mabanaft Deutschland also said it had declared force majeure for the majority of its inland supply activities in Germany.

The two companies said in a joint statement on Jan. 31 they had been the victim of a cyberattack on Jan. 29 that had affected their IT systems.

Oiltanking Deutschland operates 11 terminals in Germany -- Endorf, Berlin, Duisburg, Frankfurt am Main, Gera, Hamburg-Blumensand, Hamburg-Waltershof, Hamm, Hanau, Karlsruhe and Rheinau-Honau. The 11 terminals have a total storage capacity of 2.375 million cu m and total throughput at the terminals in 2020 was 18.2 million mt, according to its website.

Mabanaft is a key supplier of oil products such as heating oil, diesel, jet fuel, gasoline and other oil products in Germany and the neighboring Amsterdam-Rotterdam-Antwerp area.

Cyberattacks have emerged as a growing threat to commodity supply chains and companies are starting to prioritize cyber security.

According to data compiled by Platts, there have been more than 20 cyber security incidents over the past two years targeting companies operating in commodity markets from energy to metals.

In May 2021, the Colonial Pipeline in the US halted all operations because of a cyberattack involving ransomware.

The line was the primary artery for gasoline and refined products for much of the US Gulf Coast and Atlantic Coast delivering more than 100 million gallons/day of fuel and heating oil.