A small group of private-sector companies, with help from several U.S. agencies, disrupted ongoing cyberattacks against Colonial Pipeline Co. and more than two dozen other victims, according to people with knowledge of the matter.
Colonial was able to recover some stolen data because of the intervention, which stopped the flow of stolen data headed to Russia — believed to be the ultimate destination, according to three people involved with or briefed about the investigation into the breach.
The takedown, which occurred on Saturday, was enacted by companies that included operators of U.S.-based servers used by the hackers, the people said. The intervention involved the White House, FBI, Cybersecurity and Infrastructure Security Agency and National Security Agency, and shut off key servers used by the hackers, said the people, who requested anonymity because they weren’t authorized to discuss the ongoing investigation.
With your current subscription plan you can comment on stories. However, before writing your first comment, please create a display name in the Profile section of your subscriber account page.