**Cyberattack Disrupts Venezuela’s PDVSA, Delaying Oil Operations**
Venezuela’s state-owned oil company, Petróleos de Venezuela SA (PDVSA), is grappling with a prolonged cyberattack that has crippled critical administrative systems since early Saturday. The breach targeted networks managing export and import data at the country’s primary crude terminal, Jose, leaving key operations offline as of Monday.
According to internal sources, PDVSA instructed employees to shut down computers, disconnect external hardware, and disable WiFi and Starlink connections following the attack. Security at company facilities was also heightened. An internal memo warned staff against restarting devices without authorization, citing concerns over potential data compromise.
In a statement, PDVSA described the incident as a “sabotage attempt” that it claimed to have neutralized, asserting that oil production remained unaffected. However, the outage has forced contingency measures, delaying scheduled loadings and disrupting operations.
The attack occurs amid heightened geopolitical tensions. Venezuelan President Nicolás Maduro has repeatedly accused the U.S. of orchestrating cyberattacks, including a prior hack allegedly originating from Macedonia that disrupted last year’s election results. The U.S. has denied direct involvement but has taken aggressive actions against Venezuela, including seizing a sanctioned oil tanker last week and authorizing covert CIA operations in October to counter drug trafficking and illegal migration.
PDVSA’s vulnerability has been exacerbated by years of deferred maintenance and the loss of critical software licenses due to U.S. sanctions, which barred dealings with American tech providers. While the company has faced previous cyber incidents, this disruption is reportedly the most prolonged to date.
The incident underscores the growing intersection of cyber threats and energy infrastructure, particularly in regions facing geopolitical and economic instability.
Source: https://www.insurancejournal.com/news/international/2025/12/16/851254.htm
PDVSA Petróleos de Venezuela S.A. cybersecurity rating report: https://www.rankiteo.com/company/petroleosdevenezuela
"id": "PET1765893364",
"linkid": "petroleosdevenezuela",
"type": "Cyber Attack",
"date": "12/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'industry': 'Oil and Gas',
'location': 'Venezuela',
'name': 'Petroleos de Venezuela SA (PDVSA)',
'size': 'Large (national oil company)',
'type': 'State-owned oil company'}],
'data_breach': {'data_exfiltration': 'Not ruled out'},
'date_detected': '2025-01-04',
'date_publicly_disclosed': '2025-01-06',
'description': 'Venezuela’s state oil company, Petroleos de Venezuela SA '
'(PDVSA), is struggling to restore key administrative systems '
'after a cyberattack over the weekend. The breach affected the '
'network managing export and import data at the country’s main '
'crude terminal of Jose, leading to delayed scheduled loadings '
'and contingency measures. PDVSA instructed staff to shut down '
'computers, disconnect external hardware, and cut off WiFi and '
'Starlink connections. Security at company facilities was '
'reinforced, and the company stated it had neutralized a '
"'sabotage attempt' aimed at disrupting operations, though oil "
'output was not affected.',
'impact': {'data_compromised': 'Possibility of information compromise (not '
'confirmed)',
'downtime': 'Ongoing as of 2025-01-06',
'operational_impact': 'Delayed scheduled loadings, contingency '
'measures, shutdown of computers and '
'external connections',
'systems_affected': 'Administrative networks managing export and '
'import data at Jose crude terminal'},
'investigation_status': 'Ongoing',
'motivation': 'Sabotage/Disruption of operations',
'post_incident_analysis': {'root_causes': 'Years of limited maintenance, loss '
'of key software licenses due to US '
'sanctions, outdated administrative '
'networks'},
'references': [{'date_accessed': '2025-01-06', 'source': 'Bloomberg'}],
'response': {'communication_strategy': 'Internal memo to staff, public '
'statement describing the incident as '
"a 'sabotage attempt'",
'containment_measures': 'Shutdown of computers, disconnection of '
'external hardware, WiFi and Starlink '
'cutoffs, reinforced security at '
'facilities',
'incident_response_plan_activated': 'Yes',
'recovery_measures': 'Ongoing restoration efforts'},
'stakeholder_advisories': 'Internal memo instructing personnel not to restart '
'or use devices without guidance',
'threat_actor': 'Unknown (allegedly foreign state-sponsored, with speculation '
'of US involvement)',
'title': 'Cyberattack on PDVSA Disrupts Key Administrative Systems',
'type': 'Cyberattack'}