Gazprom loses over 1TB of files to GURMO
Data taken from those files were used to plan the cyber attacks against Gazprom pipelines
Gazprom suffered a massive data breach that resulted in almost 1.5 terabytes of valuable data being transferred into the possession of the Main Intelligence Directorate of the Ministry of Defense of Ukraine (GURMO). The breach was conducted by GURMO’s Offensive Cyber team, the same team that was involved in the SCADA attack against two Gazprom pipelines in the past few days. Data obtained in the computer network exploitation (CNE) operation informed the planning of the computer network attack (CNA) operation. I’ve been authorized to share over 300MB of data from that breach, which paid subscribers can download at the end of this article.
The data includes administrative files for Gazprom management, communication requirements for the plants, maps, a massive 3,600-page .pdf on all of the requirements for construction of a new pipeline facility, a work order for an overhaul of the relay protection and automation devices, information on the assignment of the primary communications network of the pipeline as well as the digital radio-relay communication line (CRRL), and much, much more.
GURMO has shared only about 2% of the total number of files for public release for the purpose of confirming the breach. The balance of Gazprom’s files is being reviewed by GURMO analysts and may be shared with their intelligence partners. The download link follows.