Russian hackers allegedly target Ukraine's biggest private energy firm

CNN/Stylemagazine.com Newswire | 7/5/2022, 11:14 a.m.
Russian hackers carried out a "cyberattack" on Ukraine's biggest private energy conglomerate in retaliation for its owner's opposition to Russia's …
Businessman Rinat Achmetow on March 22, 2013, in Donetsk, Ukraine. Russian hackers carried out a "cyberattack" on Ukraine's biggest private energy conglomerate in retaliation for its owner's opposition to Russia's war in Ukraine, the firm said July 1. Mandatory Credit: Michael Gottschalk/Photothek via Getty Images

Originally Published: 01 JUL 22 16:14 ET

Updated: 05 JUL 22 10:32 ET

By Sean Lyngaas, CNN

(CNN) -- Russian hackers carried out a "cyberattack" on Ukraine's biggest private energy conglomerate in retaliation for its owner's opposition to Russia's war in Ukraine, the firm said Friday.

DTEK Group, which owns coal and thermal power plants in various parts of Ukraine, said the goal of the hack was to "destabilize the technological processes" of its distribution and generation firms, spread propaganda about the company's operations, and "to leave Ukrainian consumers without electricity."

"The cyberattacks didn't have any negative effect on DTEK's operations so far," DTEK spokesperson Antonina Antosha told CNN in an email Tuesday. "All systems operate in a regular mode."

The hacking incident was disclosed days after Rinat Akhmetov, Ukraine's richest man and DTEK's owner, sued Russia at the European Court of Human Rights for allegedly costing Akhmetov billions of dollars in property rights damages.

A Russian-speaking hacking group known as XakNet claimed to have breached DTEK's networks this week and posted screenshots on the Telegram app of purported DTEK data as proof. The hacking group surfaced in March, according to a US and allied government advisory, and has claimed to target Ukrainian officials in support of Russia's war.

XakNet has had access to data belonging to an organization that was likely hacked by a Russian cyber espionage group, suggesting a possible link between XakNet and the Russian government, said Alden Wahlstrom a senior analyst at US cybersecurity firm Mandiant, which has investigated some of XakNet's activity.

On its Telegram channel, XakNet has mocked and denied the suggestion that it works with the Russian government.

CNN has requested comment from the Russian Embassy in Washington.

The hacking incident coincided with Russian shelling this week of a DTEK-owned thermal power plant in Kryvyi Rih, in central Ukraine, according to DTEK, whose websites says it employs 56,000 people.

Microsoft in an April report made the case that Russian hacking has sometimes been used in tandem with kinetic military strikes. A cyberattack hit a Ukrainian broadcast company on March 1, the same day as a Russian missile strike against a TV tower in Kyiv, the report said.

Ukrainian energy providers have consistently been the target of Russian hacking teams since Russia annexed Crimea in 2014. The Justice Department blamed Russia's military intelligence service for cyberattacks on electric utilities in 2015 and 2016 that cut power in parts of Ukraine.

The same Russian hacking group in April allegedly targeted electric equipment in an area serving 2 million people in Ukraine, but Ukrainian officials claimed the hack was thwarted.

"The company makes every effort to ensure the stable operation of Ukraine's energy system during the war and to ensure uninterrupted power supply to Ukrainian consumers," DTEK said in its statement Friday.

This story has been updated with comment from DTEK.