Incident Awareness – Canadian Pipeline Confirms November Breach, ALPHV/BlackCat Claims Responsibility

The Trans-Northern Pipelines (TNPI), a Canadian pipeline located in Ontario-Quebec, confirmed yesterday that its internal network was breached in November. TNPI operates 726 total miles of pipeline across Ontario and Alberta, transporting 221,300 barrels daily. The threat group ALPHV/BlackCat has claimed responsibility for the breach, added Trans-Northern to its blackmail site on Tuesday, and purports to have stolen 190 GB of data from the oil distributor. TNPI affirmed that the incident was quickly contained upon identification of the attack in November and has stated “we continue to safely operate our pipeline systems.”

ALPHV/BlackCat has been active since November 2021 and is believed to be a rebrand of the DarkSide and BlackMatter ransomware groups which gained notoriety after the Colonial Pipeline attack. 

The disclosure of the attack on TNPI come as threat actors continue to target other critical infrastructure organizations across multiple sectors. For more details, access Bleeping Computer.