Cyber Incident Victim: Petróleos de Venezuela SA
Date:
Dec 2025
Location:
Venezuela
Summary
The cyberattack on Petróleos de Venezuela SA disabled its core systems, forcing the company to rely on phone calls, handwritten reports and messaging apps for daily operations. Since the incident, payments to contractors and employees have been delayed, production data cannot be accessed internally, and platforms for accounting, SAP and SCADA remain offline. Internal email is unavailable, so staff in legal, finance, engineering and health units communicate via WhatsApp, Telegram or Gmail, while retirees have had to submit personal information manually to verify pension deposits. The attack underscores long‑standing weaknesses in the firm’s technological infrastructure, stemming from years of underinvestment, corruption and sanctions that limited system upgrades. Responsibility for the breach has not been attributed.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 0 motives | 2 techniques |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
On December 15, 2025, a cyberattack forced the shutdown of Petróleos de Venezuela SA’s (PDVSA) core information technology systems, according to individuals familiar with the incident who spoke anonymously. Since that date the state‑owned oil company has been conducting its day‑to‑day business through telephone calls and handwritten reports, as its internal networks remain unavailable. The disruption has slowed payments to contractors and employees and has impeded the flow of production data, the sources said. Although the perpetrator has not been identified, the United States government has denied responsibility for the attack. The incident highlights the fragility of Venezuela’s technological infrastructure, which has been affected by decades of underinvestment, corruption and the restrictive effects of US sanctions that have limited PDVSA’s ability to modernize its systems.
The attack specifically compromised PDVSA’s supervisory control and data acquisition (SCADA) platform, which governs operations in refineries, compression plants and pipelines, leaving those processes without automated oversight. In addition, the company’s SAP enterprise resource planning software remains offline, forcing many administrative and financial tasks to be performed manually. Consequently, PDVSA cannot access the underlying systems that handle accounting, payments and production data, and its internal email service is also down, restricting official electronic communication. To maintain coordination, employees in the legal, finance, engineering and health divisions located in Caracas, Barinas, Puerto La Cruz and El Tigre have turned to consumer messaging applications such as WhatsApp and Telegram for internal exchanges. Workers engaged in the Orinoco Belt operations are similarly relying on Telegram and personal Gmail accounts to share information.
The loss of normal payment channels has left staff uncertain about their compensation; a retiree reported being unable to verify his January pension deposit through the company’s portal and was instructed to submit his personal details by hand to a clerk at PDVSA headquarters in Caracas, after which the clerk processed the payment through an alternate account. In response to the outage, the company has relied on phone calls, handwritten documentation and the aforementioned messaging apps to continue essential functions such as issuing work orders, tracking inventory and coordinating maintenance. While these ad‑hoc measures have kept some operations running, they have introduced delays and increased the risk of errors in data handling and financial transactions. No official timeline for the restoration of PDVSA’s primary IT platforms has been disclosed in the available reporting.