Cyber Incident Victim: Lukoil
Date: Mar 2025
Location: Russia
Summary
Lukoil suffered a large‑scale cyberattack that disabled its entire IT network, leaving employees unable to log onto workstations and displaying a warning about a possible breach that urged them not to use their credentials to avoid data leakage. Access to client systems and internal databases was shut down across headquarters and regional branches, with the restoration timeline unclear. The company has faced earlier cyber intrusions targeting its oil‑sector operations, and its installations have repeatedly been struck by drone attacks, including a fire at the Volgograd refinery.
Description
On March 26, Lukoil experienced a large‑scale cyberattack that caused its entire IT system to go down starting in the morning. Employees found they could not log into their work computers, and the screens displayed a strange message that resembled a malfunction notice. The message instructed staff not to use their usernames and passwords to access work accounts in order to prevent a possible data leak. As a result, access to client‑facing systems and the company’s internal databases was blocked for both headquarters and regional branches. The time required to restore normal operations was not known, although a source noted that after a comparable attack the previous year the system had taken about three days to recover.

Lukoil is one of the largest Russian oil companies and ranks second in the country by oil production volume. The March 26 incident was not the first cyber threat faced by the firm; in January, Ukraine’s Defense Intelligence had conducted a campaign targeting the Russian oil sector with the stated aim of affecting Lukoil’s services. Apart from cyber incidents, Lukoil’s facilities have also been exposed to physical attacks, such as drone strikes. On January 15, a significant fire broke out at the Volgograd oil refinery, which is owned by Lukoil. That fire was cited as an example of the recurring drone‑related incidents that have impacted the company’s infrastructure.
