Colonial Pipeline may have been using an outdated version of Microsoft Exchange when it was targeted by a ransomware attack late last week.
A forensic report identified vulnerable Microsoft Exchange services as the "most likely culprit" within the company’s IT infrastructure, according to New York Times reporter Nicole Perlroth, though researchers also cited several other issues that they characterized as an overall "lack of cybersecurity sophistication."
A spokesperson for Microsoft said it had not seen evidence to support those assertions.
"We have not seen any evidence to support the speculation that this ransomware attack is related to Exchange vulnerabilities. Such a tactic is not consistent with the known behaviors of these attackers," a Microsoft spokesperson said in a statement.
The Cybersecurity and Infrastructure Security Agency warned pipeline operators about potential ransomware attacks in 2020 and offered a number of potential mitigation strategies.
The FBI confirmed that it believes the DarkSide ransomware is responsible for the attack. DarkSide is a criminal group with origins in Russia.
Colonial Pipeline took its systems down to contain the threat. Its major pipelines were still down as of Tuesday.
The pipeline transports 100 million gallons of fuel each day, including 45% of all fuel consumed on the East Coast. Its products include various grades of gasoline, diesel fuel, home heating oil, jet fuel, and fuels for the U.S. military.
On Monday night, Line 4, which runs from Greensboro, North Carolina, to Woodbine, Maryland, was temporarily operating under manual control while existing inventory was available, the company said.