The Anonymous hacker collective claimed to have hacked the German branch of the Russian energy giant Rosneft. In hacktivists announced to have stolen 20 terabytes of data from the company.
The news of the attack was also confirmed by the German Federal Office for Information Security (BSI), the company had reported an IT security incident on Saturday night.
The BSI has offered its support to investigate the security breach, while the WELT reported that the authorities have issued a security warning to other stakeholders in the petroleum industry.
“According to reports, ongoing business will not be affected by Rosneft – but the systems have been significantly affected.” reported the WELT. “Various processes are disrupted, including the possibility of concluding contracts. Security circles suspect the hacker collective “Anonymous” to be behind the attack.”
Rosneft was already hit by Anonymous in the past, the website of Rosneft’s international was blocked by a massive DDoS attack the end of February.
The attack could have a significant impact in Germany, it is reported that the company was responsible for about a quarter of crude oil imports to Germany.
The news of the attack was also reported on Anonleaks, Anonymous claimed to have breached the company on March 11, 2022.
Anonymous condemned the operation of the company and the relationship of Ex chancellor Gerhard Schröder with Putin.
“Ex-Chancellor Gerhard Schröder is the chairman of the board of directors of Rosneft in Russia. Rosneft boss Igor Ivanovich Sechin is a Russian politician and manager. He has been a close confidante of Vladimir Putin since the 1990s. According to reports, in 2003, as deputy head of the presidential administration, he was a co-initiator of the legal prosecution and ultimately the breakup of what was once the largest oil company, Yukos.” reported Anonleaks.
Rosneft subsidiaries abroad were not impacted by sanctions against the energy giant, for this reason Anonymous decided to attack it.
“Sanctions on Rosneft and a completely unaffected subsidiary abroad – evading sanctions has never been easier and such holdings still bring foreign exchange to Russia.” continues Anonymous.
Anonymous claimed to have compromised the company’s virtual machines, UPS and more. The attack was likely discovered on March 10, 2022 and the data exfiltration was interrupted.
“The plan came up to pull all available data completely, which was relatively easy to implement via a simple FTP connection, which also pulled with 5.5GB/s. Nevertheless, it was to be expected that the system would remain in the system for a long time, because in total one had access to almost 25 terabytes, in addition to the backups also folders with documents, one had access to the iPhones and iPads of the employees.” concludes the report. “But unfortunately the download was stopped in between. Not because you got caught, not that, you’ve been in the systems continuously and non-stop for almost two weeks, loading the data. But last Friday, the very stable FTP connection broke down because their entire system gave up in the evening and suddenly there was no internet. The entry point itself still worked, but you couldn’t get any further because the system used behind it was no longer connected to the Internet.”
(SecurityAffairs – hacking, BazarLoader)