Sage detects SWD cybersecurity attack

Key Highlights

  • Sage Energy Partners/Sage Water Resources hardened its security after a targeted cyber incident.
  • Unauthorized activity was reported on a PLC system in an SWD facility in Duchesne, UT.
  • The PLC operational logic has been restored and protected.

Sage Energy Partners/Sage Water Resources (SWR) completed a comprehensive security hardening of its Programmable Logic Control (PLC) automation system following a targeted cyber incident.

On March 15, 2026, SWR detected unauthorized activity on its PLC at its saltwater disposal (SWD) facility in Duchesne, UT. Forensic analysis conducted in coordination with federal law enforcement and cybersecurity experts confirmed the activity was a malicious logic manipulation carried out by an advanced nation-state threat actor. The attack was consistent with a broader, sophisticated campaign targeting critical infrastructure operators across the United States energy and water sectors.

Thanks to the vigilance of an early morning truck driver and the rapid response of SWR’s operations team, the unauthorized logic changes were detected and mitigated before causing physical or environmental damage. The PLC operational logic has been successfully restored and is now protected by an extensive Virtual Private Network (VPN).

Following a rigorous forensic investigation, SWR has successfully transitioned its network environment from a legacy configuration to one of the most advanced PLC/VPN configurations in the oilfield.

The saltwater disposal facility is in the Uinta Basin, Utah, and can inject up to 22,000 b/d.

 
