{
  "Event": {
    "analysis": "1",
    "date": "2014-12-20",
    "extends_uuid": "",
    "info": "[Threat Intel] Media report of the Baku-Tbilisi-Ceyhan (BTC) pipeline Cyber Attack",
    "protected": false,
    "publish_timestamp": "1772419583",
    "published": true,
    "threat_level_id": "2",
    "timestamp": "1772419581",
    "uuid": "4aa91a18-4394-4d2d-94f8-8fdf24177882",
    "Orgc": {
      "name": "Rectifyq",
      "uuid": "cd9bd516-61fa-476b-980f-2f8de03992d4"
    },
    "Tag": [
      {
        "colour": "#ffffff",
        "local": false,
        "name": "tlp:clear",
        "relationship_type": ""
      },
      {
        "colour": "#004646",
        "local": false,
        "name": "type:OSINT",
        "relationship_type": ""
      },
      {
        "colour": "#49a260",
        "local": false,
        "name": "rectifyq:category=\"threat\"",
        "relationship_type": ""
      },
      {
        "colour": "#150050",
        "local": false,
        "name": "rectifyq:sub-category=\"report\"",
        "relationship_type": ""
      },
      {
        "colour": "#190061",
        "local": false,
        "name": "rectifyq:topic=\"ics-ot\"",
        "relationship_type": ""
      },
      {
        "colour": "#d92121",
        "local": false,
        "name": "rectifyq:target=\"targeted\"",
        "relationship_type": ""
      },
      {
        "colour": "#31373d",
        "local": false,
        "name": "rectifyq:MY-relevancy=\"not-relevant\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:target-information=\"Turkey\"",
        "relationship_type": ""
      },
      {
        "colour": "#1c006d",
        "local": false,
        "name": "rectifyq:topic=\"geopolitical\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:country=\"georgia\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:country=\"russia\"",
        "relationship_type": ""
      },
      {
        "colour": "#8de1e8",
        "local": false,
        "name": "SANS-ICS515",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-ics-techniques=\"Alarm Suppression\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-ics-techniques=\"Loss of Control\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-ics-techniques=\"Loss of View\"",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:mitre-ics-techniques=\"Manipulation of Control\"",
        "relationship_type": ""
      },
      {
        "colour": "#dff146",
        "local": false,
        "name": "IT-impact-ICS",
        "relationship_type": ""
      },
      {
        "colour": "#0088cc",
        "local": false,
        "name": "misp-galaxy:sector=\"Industrial\"",
        "relationship_type": ""
      },
      {
        "colour": "#b94b1d",
        "local": false,
        "name": "rectifyq:mitre-att&ck=\"none-from-src\"",
        "relationship_type": ""
      }
    ],
    "Attribute": [
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771798948",
        "to_ids": false,
        "type": "link",
        "uuid": "9d894477-adef-4368-b089-223bb97f585d",
        "value": "https://assets.contentstack.io/v3/assets/blt36c2e63521272fdc/bltb3daf0879ae8ca35/6323756b809ac764c96d895b/ICS-UseCase1-Media-report-of-the-BTC-pipeline-Cyber-Attack.pdf"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771798948",
        "to_ids": false,
        "type": "link",
        "uuid": "852eb6ff-cd84-4264-ba0c-b0684d35870a",
        "value": "https://www.bloomberg.com/news/articles/2014-12-10/mysterious-08-turkey-pipeline-blast-opened-new-cyberwar"
      },
      {
        "category": "External analysis",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771798948",
        "to_ids": false,
        "type": "link",
        "uuid": "6288983a-8bc8-4b2b-8d7d-3a4ea21b3ab2",
        "value": "http://web.archive.org/web/20150207203849/http://www.registan.net/wp-content/uploads/2009/08/US-CCU-Georgia-Cyber-Campaign-Overview.pdf"
      },
      {
        "category": "Targeting data",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771799301",
        "to_ids": false,
        "type": "target-org",
        "uuid": "9a11b4a4-9a14-4ead-99fb-5a3be23a2004",
        "value": "Baku-Tbilisi-Ceyhan (BTC) pipeline"
      },
      {
        "category": "Other",
        "comment": "",
        "deleted": false,
        "disable_correlation": false,
        "timestamp": "1771800378",
        "to_ids": false,
        "type": "text",
        "uuid": "ec0d750e-7244-4d31-a27b-08605359b5f9",
        "value": "Initial reports surfaced in 2009 that a state-sponsored cyber actor had successfully intruded upon servers essential to the BTC pipeline operations and caused a temporary disruption in pipeline transfers.[1]\r\nIt was further reported that a team of western experts was able to assist the pipeline operator in restoring the system, enabling a return to normal operations. Few details were provided other than speculation that Russian hackers, through the Agency of Russian Special Services, had performed the attack.\r\nReporting surfaced in December of 2014 indicating that the \u201cdisruption\u201d had actually involved a pipeline rupture and explosion due to an intentional over-pressurization of the pipe, and that it had occurred in 2008.[2,3]\r\nCyber attackers were said to have gained access to the pipeline\u2019s control system and were able to suppress alarms, manipulate the process, and blind system operators."
      }
    ]
  }
}