Wood Group Mustang (Houston)
Breach Analysis

• 2023-07-15

  Anomalous activity detected in engineering workstation environment
• 2023-07-16

  OT-adjacent engineering systems isolated to contain spread
• 2023-07-22

  Forensic review identifies scope — 400+ endpoints affected
• 2023-08-30

  Systems restored; enhanced monitoring deployed

How they got in

Initial access via spear-phishing targeting a senior engineer with OT system access. Credential compromise gave attacker lateral access to engineering design systems adjacent to OT infrastructure. No confirmed impact to industrial control systems but close proximity noted.

Sentinel / Fortress / Command coverage

Sentinel ($89/ep/mo) — 24/7 SOC + SIEM. Fortress ($109/ep/mo) — Sentinel + EDR management + vulnerability management. Command ($129/ep/mo) — Fortress + vCISO + compliance mapping + IR plan. See full tier comparison →

Regulatory exposure

5-point hardening list

• 1
  IT/OT network segmentation: engineering workstations on isolated VLAN; no direct access to ICS/SCADA without jump server and MFA
• 2
  OT asset inventory: document all systems with OT access; apply enhanced monitoring and access controls to each
• 3
  Spear-phishing protection: executive and engineer accounts receive enhanced email filtering and quarterly targeted simulation
• 4
  Jump server architecture: all OT-adjacent access via monitored, session-recorded privileged access workstation
• 5
  Incident response playbook specific to OT events: contain engineering network without disrupting production; notify CISA as appropriate

• → DataBreaches.net
• → CISA ICS-CERT Advisories

CoreRecon cites verifiable public sources only. No speculation on unverified attribution is published. Threat actor attribution appears only where publicly confirmed by law enforcement or the organization.