Energy
Electricity, gas, steam and air conditioning supply
125 cyberattacks and operations
In the Russia-Ukraine war, why do cyberattacks on the Energy sector matter?
The energy sector provides essential services in countries, and cyberattacks against this sector can cause outages or shortages of energy, which also has repercussions on the ability of other sectors to function. Cyberattacks and disruptions of the sector will increase the pressure on the supply of energy in the wider market - which is interconnected regionally and globally - and heighten tensions geopolitically. For example, recent cyberattacks on European energy companies are believed to be linked to the recent imposition of sanctions on Russia. So-called hacktivist collectives - acting in the name of activism - are also targeting energy companies by compromising their systems, exfiltrating data and publishing it online.
What types of attacks have been documented against the sector?
Which countries have seen attacks on the sector in the context of the war?
What impact do these attacks have on people?
The impact of destructive or disruptive cyberattacks on the energy sector is felt across society as a whole. If an attack leads to the downtime of critical infrastructure, this can result in the disruption of access to electricity and gas for thousands of households, public services (e.g. health, transport, education and emergency services), organizations and businesses.
Hack and leak attacks, leading to large volumes of data published online, can have repercussions on individuals whose personal information is exposed, putting them at risk from digital or physical attacks by actors seeking to exploit this information. Hack and leak operations, where information is weaponized and taken out of context to spread disinformation, can also sow distrust in organizations.
What are the primary digital impacts observed on the sector by country?
Can history shed light on the impact of attacks on this sector?
23 December 2015 - Energy Distribution Companies, Ukraine
A cyberattack compromised the systems of three energy distribution companies in the Ivano-Frankivsk region of Western Ukraine. The attack marked the first known successful cyberattack against a power grid. Prior to the outage, the threat actors launched a telephone denial-of-service attack against customer call centers.
Societal harm/impact:
- The attack impacted 16 substations, leaving them unresponsive to any remote commands from operators and leading to power outages for approximately 230,000 consumers for 1-6 hours.
- Customer call center telephone lines were also taken down, preventing customers from calling in to report the outage and seek information.
- The attack was viewed as an attempt to weaken the trust in Ukrainian power companies and/or the government.
Which threat actors have been linked to attacks on the sector during the conflict?
| Name | Type | Origin | Number of attacks |
|---|---|---|---|
| NoName057(16) | Collective | | 54 |
| People's CyberArmy | Collective | | 21 |
| Anonymous | Collective | Unknown | 6 |
| Sandworm | Nation State | | 5 |
| IT Army of Ukraine | Nation State | | 4 |
| KillNet | Collective | | 4 |
| GURMO | Nation State | | 2 |
| XakNet | Collective | | 2 |
| Anonymous Italia | Collective | Unknown | 2 |
| Phoenix | Collective | | 2 |
| APT28 | Nation State | | 2 |
| Net Worker Alliance | Collective | Unknown | 2 |
| DEV-0586 | Nation State | | 1 |
| Dragonfly | Nation State | | 1 |
| Wizard Spider | Cybercriminal | | 1 |
| NB65 | Collective | Unknown | 1 |
| Black Basta | Cybercriminal | Unknown | 1 |
| Anonymous-DepaixPorteur | Collective | Unknown | 1 |
| Legion Cyber Spetsnaz | Collective | | 1 |
| GhostSec | Collective | | 1 |
| Team OneFist | Collective | | 1 |
| Anonymous Russia | Collective | | 1 |
| KelvinSecurity | Unknown | Unknown | 1 |
| RADIS | Collective | Unknown | 1 |
| Russian Clay | Collective | Unknown | 1 |
| Netside Group | Collective | Unknown | 1 |
| BlueNet Russia | Unknown | Unknown | 1 |
| Solntsepek | Collective | Unknown | 1 |
| Zulik Group | Unknown | Unknown | 1 |
Explore the data
| Event Name | Event Country | Event Date | Event Type | Impact Category | Impact Description | Threat Actor Name |
|---|---|---|---|---|---|---|
| DDoS attack against the website of a Ukrainian energy company | | 2023-12-21 | DDoS | Disruption | Disrupted connectivity to the website. | People's CyberArmy |
| Campaign: DDoS attack against the website of a Ukrainian energy company | | 2023-12-13 | DDoS | Disruption | Disrupted connectivity to the website. | NoName057(16) |
| DDoS attack against the website of a Ukrainian gas station operator | | 2023-11-28 | DDoS | Disruption | Disrupted connectivity to the website. | People's CyberArmy |
| Campaign: DDoS attack against the website of a Maltese energy company | | 2023-10-28 | DDoS | Disruption | Disrupted connectivity to the website. | NoName057(16) |
| Campaign: DDoS attack against the subdomain of an Estonian energy company | | 2023-10-27 | DDoS | Disruption | Disrupted connectivity to the website. | Zulik Group |
| DDoS attacks against three subdomains of a Ukrainian energy exchange company | | 2023-10-20 | DDoS | Disruption | Disrupted connectivity to the websites. | People's CyberArmy |
| DDoS attack against the website of a Ukrainian gas supplier company | | 2023-10-19 | DDoS | Disruption | Disrupted connectivity to the website. | People's CyberArmy |
| DDoS attack against the website of a Moldovan enterprise operating in the energy sector | | 2023-09-25 | DDoS | Disruption | Disrupted connectivity to the website. | People's CyberArmy |
| Campaign: DDoS attack against the websites of four Moldovan companies operating in the energy sector | | 2023-09-25 | DDoS | Disruption | Disrupted connectivity to the website. | Net Worker Alliance |
| Campaign: DDoS attack against the website of a Moldovan gas station company | | 2023-09-24 | DDoS | Disruption | Disrupted connectivity to the website. | Net Worker Alliance |