Germany charges hacker with Rosneft cyberattack in latest wake-up call for critical infrastructure
A 30‑year‑old man has been charged with launching a cyberattack on the German subsidiary of Russia's state-owned oil giant Rosneft. The cyberattack, which happened in March 2022 in the aftermath of Russia's invasion of Ukraine, crippled the company's operations and cost millions of euros in damages.
According to investigators at the Federal Criminal Police Office (BKA), the attack saw approximately 20 terabytes of data stolen and then deleted from the business' computer systems, with a message - 'Glory to Ukraine', left in its place.
The data allegedly stolen by the man was later distributed by the Anonymous hacktivist collective, revealing that the attack had successfully penetrated the IT systems of Germany's third-largest petroleum refining company, gaining access to:
- Rosneft Deutschalnd's backups of workers' computers and executives' laptops.
- All of the company's virtual machines, as well as its UPS (Uninterruptible Power Supply) systems.
- A full 34 GB hard disk image of the firm's mail server, along with other hard disk images.
- Documents and spreadsheets.
- Software packages and license keys.
The attack reportedly triggered the remote wipe of 59 iPhones and iPads, which had been left vulnerable due to having been "locked" with a weak password of '1234'.
The man, whose identity has not been disclosed, has been charged under computer crime laws with computer sabotage, data alternation, and data espionage. Prosecutors claim that the cost of Rosneft Deutschland shutting down its IT systems and the subsequent forensic investigation cost it approximately €9.76 million (around $11.39 million), with subsequent additional losses of roughly €2.6 million (over $3 million).
The German government took control of Rosneft's German subsidiaries in September 2022 as a result of Russian attacks on Ukraine.
Although Anonymous declared its motivation for attacking Rosneft was its close ties to Russian president Vladimir Putin, and the company's efforts at the time to evade sanctions, the threat of a cyberattack is clearly something which should be a concern for all businesses in the energy sector.
Energy infrastructure is a prized target for attackers seeking to have an economic or political impact.
In the past, hackers have successfully managed to disrupt power supplies across parts of Ukraine on numerous occasions, targeted a petrochemical plant in Saudi Arabia, and caused 5,500 mile oil pipeline to be shut down.
It is clear that all organisations, and in particular, those considered critical national infrastructure - would be wise to take the threat of cyberattack seriously.
On 1st October, Exponential-e will be hosting an event entitled 'Transforming our nation's critical services through cyber secured engineering' at The Shard in London.
The event is tailored exclusively for operators of essential services, and presents a unique opportunity for organisations to share experiences, and learn how to better secure how the UK's mission-critical services are delivered.
Places are strictly limited, so register now to avoid disappointment.
Stay Informed
When you subscribe to the blog, we will send you an e-mail when there are new updates on the site so you wouldn't miss them.
About the author
© 2025 Exponential-e Ltd. Reg. No. 04499567, Reg. Address:100 Leman Street, London E1 8EU