On July 17, Ukrainian military intelligence (HUR) reportedly launched a cyberattack against Gazprom, Russia’s state-owned energy giant, causing significant disruptions. The attack allegedly targeted systems used by Gazprom and its subsidiaries, which Ukraine claims support the Russian war effort. The operation resulted in the destruction of data, the installation of damaging software, and the disabling of internal systems for thousands of administrators across hundreds of subsidiaries. The Kyiv Independent could not independently verify these claims, and neither Gazprom nor Russian authorities have commented publicly.
Read the original article here
Ukrainian hackers wiping databases at Russia’s Gazprom in a major cyberattack is undoubtedly the headline grabbing attention. The report suggests a serious breach: key databases wiped and access disabled for thousands of system administrators. This paints a picture of significant disruption, potentially affecting hundreds of subsidiaries and branches of a company as vast as Gazprom. It is easy to read this as a major blow, but it is crucial to understand the technical details and the likely impact.
The first thought that comes to mind is backups. Anyone experienced in IT knows that a “wipe” does not necessarily mean permanent data loss; it is usually a temporary setback, because the ability to restore from a backup typically exists and can mitigate the damage. However, the article mentions that the hackers reportedly wiped the backups too, which complicates recovery significantly. If the backups were stored on the same network as the primary systems, they were likely just as vulnerable: any attacker with enough access would target them as well to maximize the impact of the operation.
But, as any veteran of the IT world knows, securing backups is a critical part of any robust disaster recovery plan. Best practice is a multi-location approach: offsite copies, air-gapped copies (physically disconnected from the network), and potentially cloud backups as well. These measures make it much harder for an attacker to eliminate every copy. Even if one set of backups is compromised, others should remain available to restore data.
The nature of the attack itself is critical. Rather than a straightforward data wipe, an attacker can slowly corrupt data. This is a stealthier approach: by subtly manipulating schedules, disrupting logistics, or altering production data, an attacker can cause widespread chaos. It is much harder to detect, which makes recovery even more complex. By the time the problem is spotted, the backups might already be useless, because every copy retained within that window also contains the corrupted records.
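The two concerns above, backups stored where the attacker can reach them and quiet corruption that outlives the retention window, can be checked mechanically. The following is an added example and not code from the article: it compares nightly snapshots of a table row by row, marks the first snapshot in which a record from a closed period changed, and then picks the newest copy taken before that onset that lives on storage independent of the primary network. The table rows, dates, storage tiers and the “immutable row” rule are all constructed for illustration.

```python
import hashlib

# Constructed sample: the same ledger table as captured by three nightly backups.
# Each row is "id|field|value". Rows from closed accounting periods should never
# change after the fact, so a change there is a signature of quiet tampering.
SNAPSHOTS = {
    "2024-07-10": ["1|qty|100", "2|qty|250", "3|qty|75"],
    "2024-07-11": ["1|qty|100", "2|qty|250", "3|qty|75", "4|qty|40"],
    "2024-07-12": ["1|qty|100", "2|qty|205", "3|qty|75", "4|qty|40", "5|qty|60"],  # row 2 altered
}
# Constructed: where each nightly copy was written. Only copies kept off the
# primary network count as independent of an attacker who owns that network.
LOCATIONS = {"2024-07-10": "airgap", "2024-07-11": "onsite", "2024-07-12": "onsite"}
ISOLATED_TIERS = {"airgap", "offsite"}


def fingerprint(rows):
    """Map each row id to a digest of its full content for row-by-row comparison."""
    return {row.split("|", 1)[0]: hashlib.sha256(row.encode()).hexdigest() for row in rows}


def modified_rows(old_rows, new_rows):
    """Ids present in both snapshots whose content differs (additions are ignored)."""
    old, new = fingerprint(old_rows), fingerprint(new_rows)
    return sorted(rid for rid in old if rid in new and old[rid] != new[rid])


def first_tampered_snapshot(snapshots, immutable_ids):
    """Walk snapshots in date order; the first one that alters an immutable row marks the onset."""
    days = sorted(snapshots)
    for prev, cur in zip(days, days[1:]):
        if set(modified_rows(snapshots[prev], snapshots[cur])) & immutable_ids:
            return cur
    return None


def clean_restore_point(snapshots, locations, onset, isolated=ISOLATED_TIERS):
    """Newest snapshot taken before the onset and stored on a tier the attacker could not reach."""
    candidates = [d for d in snapshots if d < onset and locations.get(d) in isolated]
    return max(candidates) if candidates else None


if __name__ == "__main__":
    onset = first_tampered_snapshot(SNAPSHOTS, {"1", "2", "3"})
    print("first tampered snapshot:", onset)
    print("clean restore point:", clean_restore_point(SNAPSHOTS, LOCATIONS, onset))
```

If every copy sits on the same network, `clean_restore_point` returns `None`, which is the situation the article describes: backups exist, but none predate the damage on storage the attacker could not touch.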
When assessing the impact, consider the size and complexity of Gazprom’s operations. The article states that the attack reportedly affected approximately 390 subsidiary companies and branches. Losing even a few weeks’ worth of data in this kind of environment is a monumental loss. The speed of recovery depends heavily on the backup and system setup. Will they be able to roll back to an older, clean state or will they have to rebuild?
The article does acknowledge that Gazprom has the resources to afford top-tier technology. They have both the money and the necessity to have established a robust backup strategy. It’s reasonable to speculate that they employ a modern backup solution, possibly including offsite backups and cloud storage. That could make the recovery faster. It’s all speculation without inside knowledge.
Considering the corruption level within Russia, it is likely that Gazprom’s IT staff is underpaid. This can influence the overall security posture of a company. The most corrupt organizations in Russia can be extremely vulnerable. The internal politics and mismanagement might even contribute to security weaknesses that hackers could exploit.
The attack’s impact will depend on the hackers’ exact goals. Were they simply trying to cause disruption and chaos, or were they aiming for some financial or strategic advantage? Beyond erasing data, the hackers could have attempted to compromise the Energy Trading Risk Management system. Tampering with those models could have significant consequences, potentially affecting pricing, production, or even the overall stability of the company.
Whether this cyberattack will have any lasting negative impact is a complex question. Gazprom is a huge company, and it is unlikely that this breach will cause its collapse. However, it will likely raise operational costs for a time. Any economic analysis that makes definitive predictions about the long-term survival of an industry should be treated with a healthy dose of skepticism. Russia is also known to do “unthinkable things” to keep its infrastructure working.
Ultimately, this cyberattack on Gazprom is a serious event. It highlights the ongoing cyberwarfare aspect of the conflict. The extent of the damage will be determined by the quality of Gazprom’s cybersecurity defenses, their backup strategies, and the hackers’ objectives. If they weren’t well prepared, it will be an expensive and lengthy recovery.
