Warning of further attacks after hacking of Rosneft

Berlin. A cyber attack on the German subsidiary of the Russian oil company Rosneft led to a massive loss of data. The hackers apparently also have other companies in the industry in their sights: as the Handelsblatt learned from IT security circles, there were attempts to reach them via remote maintenance access. However, the operators prevented these by cutting the connection.

The hacker attack by the Anonymous group became known at the weekend through matching media reports in “Spiegel” and “Welt”. The Federal Office for Information Security (BSI) confirmed on Monday that the company had reported an IT security incident on Saturday night. It is obliged to do so because it operates “critical infrastructure”.

The BSI wrote that the effects on supply have not yet become apparent. The operator and the authorities are in constant contact. “The BSI has also issued a corresponding cyber security warning to other companies and organizations in the petroleum industry.” The incident confirms the authority’s assessment of the heightened security situation in cyberspace shortly after the start of the Russian attack on Ukraine.

Rosneft is Russia’s largest oil producer. The chairman of the supervisory board is former Chancellor Gerhard Schröder (SPD). He has been heavily criticized for holding this office, among other things, since Putin’s attack on Ukraine. Rosneft Germany has interests in three German refineries: in Schwedt in Brandenburg (PCK), Karlsruhe (Miro) and Neustadt an der Donau (Bayernoil).

Meanwhile, production at the company’s refineries continues. “Operations are not affected,” said Burkhard Woelki from Rosneft Germany. However, all IT systems have been shut down and e-mail traffic has been interrupted.

Meanwhile, Rosneft’s communication is causing irritation among customers. Some found out about the attack from the newspaper. Rosneft has not informed its customers that it has been the victim of a cyber attack, according to BP company circles. “As a rule, we are informed about such incidents.”

The British company purchases oil from the Russian supplier, among others. However, the attack on Rosneft had no impact on BP’s operational business. Shell Germany, which operates two refineries in Germany together with Rosneft (Schwedt and Miro), did not want to comment on the incident when asked.

Anonymous scoffs at Rosneft

The hacker collective Anonymous claimed responsibility for the attack on Friday evening. The website Anonleaks announced: “20 terabytes: Anonymous hijacks data from Rosneft Germany.” Activists managed to gain access to the servers of Rosneft Germany and “tap masses of data”. The attackers illustrated their statements with screenshots that are supposed to show file directories and databases, for example.

Backups of executives’ laptops are also affected. The group also claims to have remotely erased 59 iPhones and other devices. According to the hackers, the downloaded information will now be reviewed: “We are curious to see if we can find out anything about Mr. Schröder.” However, there are no plans to publish all the data.

The claims cannot be independently verified. If the hackers’ description is correct, Rosneft probably only protected its systems very inadequately. The activists claim to have moved around the systems “continuously and non-stop” for two weeks, copying large amounts of data. They make fun of Rosneft. At one point they ask: “IT security at the highest level?” And answer themselves: “Rosnjet!”

Security circles have learned that the perpetrators got in, among other things, through the control and administration of printers at Rosneft. According to the Anonymous website, “one should pay more attention to the service accounts of printers in Active Directory”.

The collective justified the attack on the one hand with the fact that Rosneft could circumvent sanctions via the German subsidiary and thus earn foreign currency for Russia, and on the other hand with former Chancellor Schröder’s lobbying for the company.

In the publication, Anonymous emphasizes that they “did not want to mess around directly with Russian energy companies,” since the energy supply of some states depends on Russia. However, Rosneft Germany is mainly active in areas such as sales and does not operate any critical infrastructure. “No pipelines to shut down, no nuclear reactors, even the refineries would keep working.”

BKA investigates against the hackers

Nevertheless, the German authorities take the incident seriously. The Berlin public prosecutor’s office has initiated investigations against unknown persons, as a spokeswoman confirmed. The investigation is not conducted by the state police, but by the Federal Criminal Police Office. The spokeswoman said that she was not yet able to provide any further information about the allegation. Computer sabotage under Section 303b of the Criminal Code is an option – the maximum penalty is three years in prison.

Two weeks ago, several authorities warned in the Handelsblatt against taking action against Russian targets. The BSI sees a “considerable risk potential” and “unpredictable consequences”. Two public prosecutors specializing in cybercrime emphasized that no special rules apply to activist attacks from Germany and that the attacks will be prosecuted.

Sven Herpig, head of international cyber security policy at the New Responsibility Foundation, called such attacks “highly problematic”. He said: “This will not achieve strategic goals for peace. However, the risk of collateral damage is high. A lot can go wrong there.” The activists also risked ending up on the enemy lists of the Russian intelligence services.

The Anonymous website identifies a “Martin Gadler” with an e-mail address as the contact person. On Monday afternoon, he did not respond to a short-notice inquiry about how the hackers assess the investigations that had been initiated.

Anonymous is a collective that is not narrowly defined – anyone can declare themselves an activist. The group has sided with Ukraine since Putin’s invasion and declared “cyber war” on Moscow. According to its own statements, it paralyzed websites of Russian authorities and companies with overload attacks and allegedly hacked TV stations and streaming services at times.
