In January 2018, the Port of Longview (WA, USA) fell victim to a targeted cyber attack orchestrated by Kazakh hacker Andrey Turchin (alias 'fxmsp'), who compromised two administrator accounts. The breach exposed sensitive data of hundreds of past and current employees (potentially 370 individuals) and dozens of vendors (47), including 22 longshoremen. While the financial impact was estimated at $60,000, the primary damage stemmed from unauthorized access to internal systems, which put employee and vendor data at risk of leaking, though no evidence confirmed large-scale data theft or operational disruption. Investigators traced the attack to IP addresses in Russia, Liberia, and Kazakhstan, linking it to Turchin, who faced five criminal charges, including conspiracy to commit wire fraud (20-year max sentence). The attack underscored vulnerabilities in port infrastructure, highlighting risks to employee privacy and third-party vendor security without escalating to broader systemic or existential threats.
Source: https://www.seculore.com/resources/cyber-attack-archive/washington
TPRM report: https://www.rankiteo.com/company/port-of-longview
"id": "por419092125",
"linkid": "port-of-longview",
"type": "Cyber Attack",
"date": "1/2018",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'transportation/logistics',
                        'location': {'city': 'Longview',
                                     'country': 'USA',
                                     'state': 'Washington'},
                        'name': 'Port of Longview',
                        'type': 'government entity (port authority)'}],
 'attack_vector': ['credential theft', 'unauthorized access'],
 'data_breach': {'data_exfiltration': True,
                 'number_of_records_exposed': {'employees': {'current_and_past': 370,
                                                             'longshoremen': 22},
                                               'vendors': 47},
                 'personally_identifiable_information': True,
                 'sensitivity_of_data': ['personally identifiable information '
                                         '(PII)'],
                 'type_of_data_compromised': ['employee data', 'vendor data']},
 'date_detected': '2018-01',
 'description': 'In January 2018, the Port of Longview, WA, USA, was targeted '
                'by a hacking attack carried out by Kazakh hacker Andrey '
                "Turchin (a.k.a. 'fxmsp'). The attack compromised two "
                'administrator accounts, potentially affecting hundreds of '
                'past and current employees, dozens of vendors, and 22 '
                'longshoremen. The estimated financial cost was $60,000. '
                'Investigators traced the attack to ISP addresses in Russia, '
                'Liberia, and Kazakhstan. Turchin faces five criminal charges, '
                'including conspiracy to commit wire fraud (up to 20 years '
                'imprisonment).',
 'impact': {'data_compromised': True,
            'financial_loss': '$60,000',
            'identity_theft_risk': True,
            'legal_liabilities': ['criminal charges against threat actor '
                                  '(Andrey Turchin)']},
 'initial_access_broker': {'entry_point': ['compromised administrator '
                                           'accounts'],
                           'high_value_targets': ['employee data',
                                                  'vendor data']},
 'investigation_status': {'findings': {'geographic_tracing': ['Russia',
                                                              'Liberia',
                                                              'Kazakhstan (ISP '
                                                              'addresses)'],
                                       'legal_action_taken': True,
                                       'threat_actor_identified': True},
                          'status': 'completed'},
 'motivation': ['financial gain', 'fraud', 'cybercrime'],
 'post_incident_analysis': {'root_causes': ['weak credential security',
                                            'unauthorized access via '
                                            'administrator accounts']},
 'regulatory_compliance': {'legal_actions': ['criminal prosecution of Andrey '
                                             'Turchin (five counts, including '
                                             'conspiracy to commit wire '
                                             'fraud)']},
 'response': {'law_enforcement_notified': True,
              'third_party_assistance': ['investigative authorities']},
 'threat_actor': {'alias': ['fxmsp'],
                  'location': ['Kazakhstan'],
                  'motivation': ['financial gain', 'cybercrime'],
                  'name': 'Andrey Turchin'},
 'title': 'Cyberattack on the Port of Longview (2018)',
 'type': ['cyberattack', 'account compromise', 'data breach']}