Taiwan’s state-owned energy company suffers ransomware attack


Written by

Ransomware has struck the computer systems of Taiwan’s state-owned energy company, CPC Corp., according to local media and private forensic reports reviewed by CyberScoop.

CPC Corp., an important national asset responsible for delivering oil products and importing liquefied natural gas (LNG), said Tuesday that, after hackers attacked its IT network, the company had restored some of it computers and servers. Although the attack didn’t affect the company’s energy production, it did disrupt some customers’ efforts to use CPC Corp.’s payment cards to purchase gas.

In Taiwan, CPC represents a high-value target for malicious hackers. Taiwan is heavily reliant on imports for its energy needs, and the company has invested in a number of offshore oil and gas projects.

CPC’s official statement did not mention ransomware, but private-sector reports obtained by CyberScoop shed more light on the incident.

Two of the malicious files used in the attack are detected as ransomware on VirusTotal, the public malware analysis repository, according to a private analysis shared with CyberScoop. The report, distributed to Taiwanese security professionals on Tuesday, refers to a cyberattack on a “state-owned enterprise.” A source familiar with the document, which included a screenshot of an apparent ransom note, said that enterprise is CPC.

On Tuesday, Trend Micro, a multinational cybersecurity company, also alluded to the incident in an alert to customers. The advisory, which referred to the same ransomware samples, warned Trend Micro customers of ongoing ransomware threats to Taiwanese companies and told them to seek help if they saw attempts to break into their systems.

Taiwanese authorities have yet to name a culprit in the attack on CPC.

After its website was down for much of Tuesday, CPC Corp. struck a defiant tone when it was finally able to post its statement online, pledging to “introduce a more rigorous security detection system.”

The U.S. government has previously tried to bolster the cybersecurity defenses of Taiwan, which China considers its territory. In November, the American Institute in Taiwan, the de-facto U.S. embassy on the island, sponsored a drill that simulated attacks on Taiwanese public and private organizations.

-In this Story-

critical infrastructure, energy, incident response, oil, ransomware, taiwan, Trend Micro, VirusTotal