Ukrainian hackers wipe databases at Russia's Gazprom in major cyberattack, intelligence source says
Editor's Note: This story has been updated with new details about the attack.
Cyber specialists from Ukraine's military intelligence agency (HUR) carried out a large-scale cyberattack against the network infrastructure of Russian energy giant Gazprom, causing significant disruptions, a HUR source told the Kyiv Independent on July 18.
The Kyiv Independent could not independently verify these claims. Gazprom and Russian authorities have not publicly commented on the reported incident.
The alleged operation took place on July 17 and targeted systems used by Gazprom and its subsidiaries, which Ukraine's intelligence claims are directly involved in supporting Russia's war effort.
Gazprom is Russia's state-owned energy company, one of the world's largest gas producers and exporters.
The cyberattack allegedly destroyed large volumes of data and installed custom software designed to further damage the company's information systems.
"The degradation of Russian information systems to the technological Middle Ages continues," the source within the HUR told the Kyiv Independent.
"We congratulate Russian 'cyber specialists' on this new achievement and recommend they gradually replace their mice and keyboards with hammers and pincers."
According to the source, access to Gazprom's internal systems was disabled for nearly 20,000 system administrators, and backup copies of key databases were wiped. The attack reportedly affected approximately 390 subsidiary companies and branches, including Gazprom Teplo Energo, Gazprom Obl Energo, and Gazprom Energozbyt.
In a later message on July 19, the source provided additional details on what was destroyed.
"As a result of the cyber operation, the corporation's records of contracts, schedules, and tariffs were destroyed, including data on who and how much gas/oil should be supplied, data on payments, taxes, Gazprom's financial balances, information on the corporation's licenses and legal agreements."
Data for systems that manage pressure, costs, gas and oil balances, and data on Gazprom's wells and networks were also destroyed, the source added.
The source provided a video and screenshots that appeared to show access deep within the Russian databases, though the Kyiv Independent could not verify the authenticity of the evidence.
Hundreds of terabytes of data were downloaded by the Ukrainian hackers prior to their deletion from the Russian systems, the source said.
The sources said the attackers managed to destroy clusters of "extremely powerful" servers running 1C, a software widely used for managing documents and contracts, analytics data for pipelines, valves, pumps, and SCADA systems — key elements in operating Gazprom's technical infrastructure.
Multiple servers reportedly had operating systems removed or disabled, and the BIOS (basic firmware) of many devices was damaged, making them inoperable without physical repairs.
