Cyber Incident Victim: Rosneft Deutschland
Date:
Mar 2022
Location:
Germany
Summary
A cyberattack targeted the German subsidiary of Russian oil giant Rosneft, with hacker group Anonymous claiming responsibility for breaching systems and exfiltrating 20 terabytes of data. The company took its systems offline following the incident, though pipeline and refinery operations continued unaffected. Germany's Federal Office for Information Security issued alerts to other oil industry entities amid heightened cyber threats linked to geopolitical tensions, having previously warned of increased risks to critical infrastructure. Anonymous cited strategic motives for focusing on Rosneft's German division rather than Russian energy assets directly, referencing dependencies of sanctioning nations on Russian energy supplies. Prosecutors opened an investigation into the breach.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
On March 11-12, 2022, Rosneft Deutschland GmbH, the German subsidiary of Russian state-owned energy firm Rosneft, experienced a cyberattack claimed by the hacker collective Anonymous. The Federal Office for Information Security (BSI) confirmed the incident on March 14, noting that Rosneft Deutschland reported the breach in the early hours of Saturday, March 12. Anonymous had publicly asserted responsibility on Friday, March 11, declaring it exfiltrated 20 terabytes of data from the company. Berlin prosecutors initiated an investigation following the attack, as reported by Der Spiegel. In response to the compromise, Rosneft Deutschland proactively disconnected its IT systems from networks to contain the incident. Despite this operational disruption, the company maintained normal functionality of its critical infrastructure, including pipelines and refineries, with no reported supply chain impacts. The BSI subsequently issued sector-wide alerts to oil industry stakeholders, urging heightened cybersecurity measures. This advisory aligned with its March 2022 warning about elevated cyber risks following Russia’s invasion of Ukraine, which emphasized threats to German critical infrastructure.
Rosneft Deutschland represented a strategic target due to its role in supplying approximately 25% of Germany’s crude oil imports and its ownership stakes in three German refineries. The subsidiary’s leadership connections to Russian political power structures—including CEO Igor Sechin, a close ally of President Vladimir Putin, and former German Chancellor Gerhard Schroeder as board chairman—amplified its geopolitical symbolism. Anonymous framed the attack as a deliberate exception to its avoidance of Russian energy targets, citing concerns about disrupting energy supplies to sanctioning nations. The group emphasized Rosneft Deutschland’s operational separation from Russian supply chains as justification for targeting it, contrasting with their restraint toward Rosneft’s domestic operations. This incident formed part of Anonymous’s broader campaign against Russian entities after the Ukraine invasion, which previously included attacks on government institutions like the Kremlin, Defense Ministry, State Duma, and state-aligned media outlets. The breach underscored the intersection of energy infrastructure vulnerabilities and hacktivist exploitation of geopolitical tensions.