Cyber Incident Victim: Gazprom

Date: Jul 2025

Location: Russia

Summary

Ukrainian military intelligence hackers infiltrated Gazprom's network, wiping databases, destroying SCADA and 1C server clusters, disabling access for thousands of administrators and damaging BIOS on numerous devices. The operation erased contract, tariff, payment, tax and well‑network data, removed operating systems from hundreds of servers and downloaded hundreds of terabytes before deletion, affecting dozens of subsidiaries.

Description

On July 17, 2025, Ukrainian military intelligence (HUR) conducted a cyberattack against Gazprom's network infrastructure, as reported by a HUR source to the Kyiv Independent on July 18. The attack targeted systems used by Gazprom and its subsidiaries involved in supporting Russia's war effort. According to the source, access to internal systems was disabled for nearly 20,000 system administrators, and backup copies of key databases were wiped. The operation affected approximately 390 subsidiary companies and branches, including Gazprom Teplo Energo, Gazprom Obl Energo, and Gazprom Energozbyt.

The attack destroyed large volumes of data, including records of contracts, schedules, tariffs, payment and tax information, financial balances, licenses, and legal agreements. Data managing pressure, costs, gas and oil balances, and information on wells and networks were also destroyed. Multiple servers had their operating systems removed or disabled, and the BIOS of many devices was damaged, rendering them inoperable without physical repairs. Hundreds of terabytes of data were downloaded prior to deletion. Clusters of extremely powerful servers running 1C software, used for document and contract management, analytics for pipelines, valves, pumps, and SCADA systems, were destroyed.

Gazprom and Russian authorities have not publicly commented on the reported incident, and the Kyiv Independent could not independently verify the claims. The source described the attack as degrading Russian information systems to a "technological Middle Ages" and noted that the attackers installed custom software intended to further damage Gazprom's information systems. No further details on detection, containment, or remediation were provided in the source.
