Attacks and Vulnerabilities
Critical infrastructure
News
Risk & Compliance
Threat Landscape
Utilities: Energy & Power, Water, Waste

Anonymous hackers strike German subsidiary of Russian energy company Rosneft

March 15, 2022
Anonymous hackers strike German subsidiary of Russian energy company Rosneft

Anonymous hacker group said on Monday that they have attacked the systems of the German subsidiary of Russian energy giant Rosneft and stolen 20TB of data. The breach has not affected Rosneft’s business or the supply situation, though the company’s systems have been affected. However, the attack prompted German security authorities to issue a security warning to other stakeholders in the petroleum industry. 

The group said in a Twitter message that “#Anonymous hijacks data from Rosneft Gained access to the servers of Rosneft Deutschland, a subsidiary of the Russian oil company. The head of #Rosneft, is a Russian politician & manager. He has been a close confidant of Putin since the 1990s.”

In another Twitter message on Monday, the group confirmed that it “caused extensive damage. The attack captured a total of 20TB of data #Rosneft is Russia’s largest oil producer and is also involved in critical infrastructure in Germany.”

The news of the recent attack on Rosneft was confirmed by the German Federal Office for Information Security (BSI). According to German newspaper WELT, the company reported an IT security incident on Saturday night. The BSI has offered its support to investigate the security breach. At the same time, the WELT reported that the authorities issued a security warning to other stakeholders in the petroleum industry, it added.

So far, the newspaper added that there had been no effect on Rosneft’s business or the supply situation even though the company’s systems had been affected.

The hacker group has also struck government websites of the Russian Federation and claimed that “Russian secret service website is down!” on the official Twitter page. The site has been down for some time. 

Last month, two German companies, Oiltanking GmbH Group and Mabanaft Group, fell victims to a cyber incident affecting their IT systems. Both companies owned by Hamburg-based company fuel group Marquard & Bahls were struck by cyber attackers, who have targeted the loading and unloading systems at the German arm of petrol tank terminal provider Oiltanking.

The Anonymous attacks come as ransomware attackers have breached networks at the German business unit of Toyota supplier Denso, though production and business activities were not affected. The Denso attack is the second confirmed cyber incident against a Toyota supplier in the last fortnight. In the latest episode, cybercriminals targeted operations following unauthorized access using ransomware at Denso Automotive Deutschland GmbH, marking the latest in a series of cyber attacks and potential disruptions for the giant carmaker.

“With the global opposition to the Russian invasion of Ukraine, I doubt there is much sympathy for Rosneft, even as a subsidiary in Germany. This attack shows that globally, threat actor groups and nation states are both potential disruptors to critical infrastructure or any private sector company,” Saryu Nayyar, CEO and founder, Gurucul, wrote in an emailed statement. 

“All organizations should stay vigilant and continue to invest in cyber security solutions that employ advanced analytics and automated detection and response to thwart threat actors from disrupting operations, stealing sensitive data, or detonating ransomware,” she added. 

Given the precarious cybersecurity conditions, the U.S. security agencies recently issued a joint cybersecurity advisory (CSA) warning of hackers deploying ‘destructive malware’ against Ukrainian organizations. In addition, alerts were issued to critical infrastructure installations warning of malicious hackers, using influence operations to shape public opinion, undermine trust, amplify division, and sow discord. A ‘Shields Up’ alert has also been issued that notifies every organization in the country of potential risk from cyber threats.

Anna Ribeiro
Industrial Cyber News Editor. Anna Ribeiro is a freelance journalist with over 14 years of experience in the areas of security, data storage, virtualization and IoT.

A complimentary guide to the who`s who in industrial cybersecurity tech & solutions

Free Download

Related

MITRE's CREF Navigator aligns with DoD's CMMC to boost cyber resilience in defense industrial base
MITRE’s CREF Navigator aligns with DoD’s CMMC to boost cyber resilience in defense industrial base
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
UK’s NCSC debuts CAF v3.2 to address rising threats to critical national infrastructure, boosts cybersecurity readiness
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Cisco Talos details ArcaneDoor campaign found targeting perimeter network devices across critical infrastructure
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
Forescout report warns of growing security risks to critical infrastructure as OT/ICS exposed data escalates
ASIS Foundation reports on impact of autonomous vehicles on security and technology
ASIS Foundation reports on impact of autonomous vehicles on security and technology
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
European Commission makes €112 million investment in AI, quantum research under Horizon Europe program
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
MITRE unveils ATT&CK v15 with upgraded detections, analytic format, cross-domain adversary insights
RMC
Risk Mitigation Consulting acquires Securicon, boosting cybersecurity and mission assurance offerings
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
Hackers target Tipton Municipal Utilities wastewater treatment plant, prompting federal investigation
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems
New CGCYBER report warns of cybersecurity risks in marine environment due to network-connected OT systems