Cyber Incident Victim: XakNet

Date: Jul 2022

Location: Ukraine

Summary

A Russian-speaking hacking group known as XakNet targeted Ukraine's largest private energy conglomerate in an attempted cyberattack aimed at destabilizing technological processes, spreading propaganda, and causing electricity disruptions for consumers. The attack, which coincided with physical strikes on the company's infrastructure, sought to retaliate against its owner's opposition to Russia's invasion but reportedly failed to disrupt operations, with systems remaining functional. Analysts noted potential links between XakNet and Russian state-sponsored cyber espionage groups, though the hackers publicly denied government affiliation. The incident reflects a broader pattern of Russian-aligned cyber activities against Ukrainian energy providers, historically targeting critical infrastructure to compound military aggression.

Description

In early July 2022, Russian hacking group XakNet targeted DTEK Group, Ukraine's largest private energy conglomerate, in a cyberattack disclosed by the company on July 1. The attack occurred shortly after DTEK owner Rinat Akhmetov filed a lawsuit against Russia at the European Court of Human Rights seeking compensation for war-related property damages. XakNet claimed responsibility through their Telegram channel, posting screenshots of purportedly stolen DTEK data as evidence of network infiltration. According to DTEK's public statements, the hackers aimed to destabilize technological processes at its power generation and distribution facilities, spread disinformation about company operations, and cause electricity disruptions for Ukrainian consumers. The incident coincided with physical attacks by Russian forces, including shelling of a DTEK-owned thermal power plant in Kryvyi Rih during the same timeframe.

DTEK reported no operational disruptions from the cyber intrusion, with spokesperson Antonina Antosha confirming all systems remained functional following the attack. The company maintained its focus on ensuring stable energy supply amid wartime conditions. Cybersecurity firm Mandiant noted potential connections between XakNet and Russian state-sponsored actors, citing evidence that the group had accessed data previously compromised by known Russian cyber espionage operations. XakNet, which first emerged in March 2022 according to Western government advisories, publicly denied affiliation with the Russian government while continuing to target Ukrainian entities. This attack followed historical patterns of Russian cyber operations against Ukrainian energy infrastructure dating to 2014, including the 2015-2016 grid attacks attributed to Russian military intelligence and an April 2022 attempt to disrupt power for two million Ukrainians that was reportedly thwarted by Ukrainian defenses.
