In March 2022, Rosneft Deutschland, the German subsidiary of Russia’s state-owned oil giant, suffered a severe cyberattack attributed to a 30-year-old hacker linked to Anonymous Germany. The attack resulted in the theft of 20 terabytes of data, deletion of critical system information, and the disruption of IT operations for days. The hackers, claiming political motivation tied to Russia’s invasion of Ukraine, embedded pro-Ukraine slogans in the company’s infrastructure and published stolen data online. The breach forced a complete shutdown of IT systems, incurring €9.76 million (~$11.39M) in forensic and recovery costs and an additional €2.6 million (~$3M) in economic losses due to disrupted logistics and delivery operations. The attack crippled internal communications, hampered service delivery, and triggered warnings from Germany’s Federal Office for Information Security (BSI) regarding the company’s reduced ability to provide critical services. The hackers also gained administrator-level access, wiping data from 59 Apple systems and other devices.
Source: https://therecord.media/germany-charges-cyberattack-rosneft
TPRM report: https://www.rankiteo.com/company/rosneft
"id": "ros546083025",
"linkid": "rosneft",
"type": "Cyber Attack",
"date": "3/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"
{'affected_entities': [{'industry': 'Oil & Gas',
                        'location': 'Germany',
                        'name': 'Rosneft Deutschland',
                        'type': 'Subsidiary'}],
 'attack_vector': ['Unauthorized Access',
                   'Data Theft',
                   'System Deletion',
                   'Administrator Privilege Escalation'],
 'data_breach': {'data_exfiltration': True,
                 'sensitivity_of_data': 'High (administrator-level access, '
                                        'critical systems)',
                 'type_of_data_compromised': ['Internal Communications',
                                              'Operational Data',
                                              'Administrator Access Logs']},
 'date_detected': 'March 2022',
 'date_publicly_disclosed': 'March 2022',
 'description': 'German prosecutors charged a 30-year-old man with carrying '
                'out a cyberattack on Rosneft Deutschland, the German '
                'subsidiary of Russia’s state-owned oil giant Rosneft. The '
                'attack, launched in March 2022 after Russia’s invasion of '
                'Ukraine, incapacitated the company’s operations, stole ~20 TB '
                'of data, and caused millions in damages. The hacker, linked '
                'to Anonymous Germany, published stolen data online and '
                'embedded pro-Ukraine slogans in Rosneft’s systems. The '
                'company incurred €9.76M in forensic costs and €2.6M in '
                'operational losses due to disrupted IT systems and logistics.',
 'impact': {'brand_reputation_impact': 'High (publicized hacktivist attack '
                                       'with political motivations, data '
                                       'leaks).',
            'data_compromised': '20 terabytes',
            'downtime': 'Days (severe disruption to internal communications '
                        'and operations)',
            'financial_loss': '€12.36 million (~$14.39 million)',
            'legal_liabilities': 'Ongoing prosecution (two counts of data '
                                 'espionage, computer sabotage).',
            'operational_impact': 'Delivery logistics hampered; limited '
                                  'ability to provide critical services (per '
                                  'BSI warning).',
            'revenue_loss': '€2.6 million (~$3 million) in economic losses',
            'systems_affected': ['IT Systems (shut down)',
                                 '59 Apple Devices',
                                 'Critical Infrastructure']},
 'initial_access_broker': {'high_value_targets': ['Administrator Systems',
                                                  'Critical Operational Data']},
 'investigation_status': 'Ongoing prosecution (suspect charged in 2024).',
 'motivation': 'Protest against Rosneft’s ties to Russian President Vladimir '
               'Putin and sanctions evasion efforts; support for Ukraine '
               "('Glory to Ukraine' slogan embedded in systems).",
 'ransomware': {'data_exfiltration': True},
 'references': [{'source': 'Berlin Prosecutor’s Office'},
                {'source': 'Federal Criminal Police Office (BKA)'},
                {'date_accessed': 'March 2022',
                 'source': 'Anonymous Germany Disclosure'},
                {'source': 'Federal Office for Information Security (BSI)'}],
 'regulatory_compliance': {'legal_actions': 'Criminal prosecution (two counts: '
                                            'data espionage, computer '
                                            'sabotage).',
                           'regulatory_notifications': ['Federal Office for '
                                                        'Information Security '
                                                        '(BSI) warning '
                                                        'issued.']},
 'response': {'containment_measures': ['IT Systems Shutdown'],
              'incident_response_plan_activated': True,
              'law_enforcement_notified': True,
              'remediation_measures': ['Forensic Investigation'],
              'third_party_assistance': ['Forensic Investigators']},
 'threat_actor': ['Anonymous Germany', 'Anonymous Hacking Collective'],
 'title': 'Cyberattack on Rosneft Deutschland by Anonymous Germany',
 'type': ['Data Espionage', 'Computer Sabotage', 'Hacktivism']}