Cyber Incident Victim: Россети

Date:

Feb 2022

Location:

Russia

Summary

Electric vehicle charging stations operated by Rosseti along a major Russian motorway were compromised via a backdoor in their control systems, allegedly introduced by a Ukrainian parts supplier involved in their production. The hack rendered the chargers inoperable and displayed pro-Ukrainian political messages, including explicit criticism of Vladimir Putin. The energy company isolated the affected systems from the grid network and announced plans to restore functionality, attributing the incident to compromised components sourced through a third-party contractor.

CIA Posture: Available to members
Motives: 1 motive
Tactics, Techniques & Procedures: 2 techniques
Threat Actors: 0 actors
Type: Available to members
Location: Available to members

Description

On February 28, 2022, electric vehicle charging stations along Russia’s M11 motorway between Moscow and Saint Petersburg were rendered inoperable and reprogrammed to display anti-Russian political messages. Russian energy company Rosseti attributed the incident in a Facebook post to a compromised component supply chain, stating the chargers had been purchased through a Russian firm that outsourced production to AutoEnterprise, a Kharkiv-based Ukrainian EV charging parts supplier. Social media posts emerged that morning showing the disabled chargers first displaying an English-language error message ("CALL SERVICE NO PLUGS AVAILABLE") followed by Russian-language screens with the phrases "GLORY TO UKRAINE / GLORY TO THE HEROES / PUTIN IS A DICKHEAD / DEATH TO THE ENEMY." The "Putin is a dickhead" slogan referenced a popular Ukrainian protest phrase originating after Russia’s 2014 invasion, particularly among Kharkiv soccer fans.

Rosseti announced it was isolating the affected charging stations from the broader grid network to contain the incident and stated the systems would be restored to operation soon. The company named a backdoor in the chargers’ control systems, allegedly used by AutoEnterprise, as the intrusion vector. AutoEnterprise reposted a video of the hacked chargers from an Instagram user but did not publicly claim responsibility. The exact number of compromised chargers, duration of message displays prior to discovery, and timeline for full restoration remained unconfirmed. No operational disruptions beyond the EV charging infrastructure were reported, and Rosseti did not disclose whether other grid components faced collateral risks during isolation efforts. The incident marked a publicly documented case of geopolitical hacktivism impacting Russian civilian infrastructure during the early phase of the 2022 invasion of Ukraine.

Sources
1 source (available to members)