DTEK Group, which owns coal and thermal power plants in various parts of Ukraine, said the goal of the hack was to “destabilize the technological processes” of its distribution and generation firms, spread propaganda about the company’s operations, and “to leave Ukrainian consumers without electricity. “
The actual impact of the hack, and what computer systems were breached, is unclear.
There have been no reports of outages caused by the incident. DTEK did not respond to requests for comment.
The hacking incident was disclosed days after Rinat Akhmetov, Ukraine’s richest man and DTEK’s owner, sued Russia at the European Court of Human Rights for allegedly costing Akhmetov billions of dollars in property rights damages.
A Russian-speaking hacking group known as XakNet claimed to have breached DTEK’s networks this week and posted screenshots on the Telegram app of purported DTEK data as proof.
The hacking group surfaced in March, according to a US and allied government advisory, and has claimed to target Ukrainian officials in support of Russia’s war.
XakNet has had access to data belonging to an organization that was likely hacked by a Russian cyber espionage group, suggesting a possible link between XakNet and the Russian government, said Alden Wahlstrom a senior analyst at US cybersecurity firm Mandiant, which has investigated some of XakNet’s activity.
It was just an ordinary day at the shops
On its Telegram channel, XakNet has mocked and denied the suggestion that it works with the Russian government.
CNN has requested comment from the Russian Embassy in Washington.
The hacking incident coincided with Russian shelling this week of a DTEK-owned thermal power plant in Kryvyi Rih, in central Ukraine, according to DTEK, whose website says it employs 56,000 people.
Microsoft in an April report made the case that Russian hacking has sometimes been used in tandem with kinetic military strikes.
A cyberattack hit a Ukrainian broadcast company on March 1, the same day as a Russian missile strike against a TV tower in Kyiv, the report said.
Ukrainian energy providers have consistently been the target of Russian hacking teams since Russia annexed Crimea in 2014.
The Justice Department blamed Russia’s military intelligence service for cyberattacks on electric utilities in 2015 and 2016 that cut power in parts of Ukraine.
The same Russian hacking group in April allegedly targeted electrical equipment in an area serving two million people in Ukraine, but Ukrainian officials claimed the hack was thwarted.
“The company makes every effort to ensure the stable operation of Ukraine’s energy system during the war and to ensure uninterrupted power supply to Ukrainian consumers,” DTEK said in its statement Friday.