
Anonymous Reportedly Hacked Russian Energy Firm Rosneft

Report: Business Operations Unaffected, Despite Some Disruption
Anonymous is less a specific group and more a focus for individual activity. (Source: TheDigitalArtist via Pixabay)

International hacking collective Anonymous on Monday hacked the German subsidiary of Russian energy company Rosneft, Die Welt newspaper says, citing the country's cybersecurity watchdog, the Federal Office for Information Security.


While a Twitter account called Anonymous tweeted about the attack, Information Security Media Group could not independently verify the claim.

The Federal Office for Information Security also reportedly confirmed to the German newspaper that the alleged victim company had reported an IT security incident on Friday night or early Saturday morning. The agency then issued a cybersecurity warning to other companies in the energy sector, it says.

A spokesperson for Rosneft was not immediately available to comment on the story.

Logical Target?

Offering an overview of the historical impact of this news, Toby Lewis, head of threat analysis at cybersecurity firm Darktrace, says that Germany has relied on Russian exports of oil and gas in the past, and many were surprised when the country made the decision to halt the Nord Stream 2 pipeline at the outbreak of war.

"However, Rosneft in Germany doesn't appear to be involved in oil and gas imports and exports. It is instead more about refining and internal distribution, and according to Anonymous, this still generates a profit for the Russian parent company and thus is a valid target," he tells ISMG.

Impact on Business

The German branch of Anonymous seems to have infiltrated the German subsidiary of Russia’s state oil company Rosneft, stealing over 20 TB of data, Lewis says, citing unspecified reports.

Die Welt, however, reported that the attack did not affect any business operations at Rosneft, although it says some systems were affected and various processes were disrupted.

As proof of disruption the hacktivist group posted screenshots that show wiped corporate iPhones and at least one file server, Lewis tells ISMG.

The exact modus operandi of the group is not yet known, but the attackers reference weak and easily guessed iPhone passwords and the use of FTP to exfiltrate data without detection, Lewis says. These are not sophisticated or novel methods.

Rosneft's international website has also been attacked and "paralyzed" since the end of February, the German newspaper said. ISMG could not access the website.

Mitigation Challenges

Lewis says that the problem with critical environments is that they do not fail gracefully, and there is no option of reverting to pen and paper.

"The urgent challenge for defenders of critical national infrastructure globally is to be able to interrupt attacks once they get inside, before normal business operations are disrupted and before widespread shutdowns," he says.

James McQuiggan, security awareness advocate at KnowBe4, says that in this case, Anonymous is targeting the oil refineries to collect information and damage the brand and reputation of the organization to bring to light the relationship between the organization's leaders and Russia. He tells ISMG that the hacktivist group will most likely try to leverage the data in future actions but will not share it publicly, unlike other cybercriminal groups who would extort the organization for money.

Growing Cyberwar

Last week, Anonymous said it had hacked Russian censorship agency Roskomnadzor, releasing 364,000 files it said show intensified censorship around the perception of the Ukraine invasion (see: Anonymous Reportedly Hacks Russian Censorship Agency).

The conflict in Ukraine has emboldened independent individuals and groups looking to take potshots at Russian entities, says John Bambenek, principal threat hunter at digital IT and security operations firm Netenrich.

Regarding the reported Rosneft incident, he tells ISMG: "It is no surprise that an affiliate of a Russian energy company was hit. That said, it’s important to note that the 'Anonymous' moniker less represents a specific group of people and is more of independent actors assuming the moniker and spirit for a little payback on Uncle Vlad."

And the conflict has spread to the underground, with Anonymous declaring a full cyberwar on Russia late last month. Almost immediately, the group claimed to have hacked websites connected to the Russian government, state media and banks (see: Anonymous Extends Its Russian Cyberwar to State-Run Media).

Anonymous has also reportedly hit the government website for Chechnya, a Russian republic that has vowed military support for Russia.

It also claims to have leaked more than 200GB of emails from the Belarusian weapons manufacturer Tetraedr and claimed credit for hacking Russian ISPs.

Anonymous says its other Russian targets include state-run media agencies Tass, Izvestia, Fontanka, RBC and Kommersant.


About the Author

Prajeet Nair


Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.



