Pakistan Petroleum Limited (PPL)
August 6, 2025
•[ ransomware, leak, malware ]
PPLs servers and backups were encrypted and disabled by Blue Locker ransomware; IT and financial operations were disrupted for days; a ransom note threatened data leaks; NCERT issued high alert advisory to national institutions
Acea
July 31, 2025
•[ ransomware, malware, energy ]
Italian utility company Acea suffered another ransomware attack, this time claimed by World Leaks. Systems were encrypted, disrupting operations, though the exact duration and number of affected customers were not disclosed.
KazMunaiGas
May 5, 2025
•[ social, hack, phishing ]
A spear-phishing campaign disguised as internal HR communications delivered multi-stage malware to KMG employees. Attackers used a compromised business email, LNK downloader, PowerShell (DOWNSHELL), and DLL implant to establish reverse shell access. KMG later labeled it a phishing test.
Oil and gas facility control panels in the U.S.
January 31, 2025
•[ hack, energy ]
Researchers at Cyble identify Sector 16, a new pro-Russian hacktivist group targeting into oil and gas facility control panels in the U.S.
Yazoo Valley Electric Power Association
January 30, 2025
•[ ransomware, malware, energy ]
Yazoo Valley Electric Power Association, an electric utility serving multiple counties in Mississippi discloses to suffer an attack by cybercriminals last summer in an incident that exposed the information of more than 20,000 residents. The Akira ransomware gang claims responsibility for the attack.
CenterPoint Energy
January 28, 2025
•[ leak, energy ]
CenterPoint Energy, a large Texas energy company confirms it is investigating reports of stolen customer data that has been published on a cybercriminal forum after it was allegedly taken during the 2023 MOVEit breach.
Gazprom
January 28, 2025
•[ hack, ddos, energy ]
Ukrainian cyber experts have carried out a DDOS attack on the digital infrastructure of some of the largest Russian energy companies, Gazprom and Gazpromneft. Babel and a number of other media outlets report this , citing a source.
Lukoil
January 1, 2025
•[ hack, ddos, energy ]
Ukraines military intelligence agency (GUR) launched a coordinated DDoS attack against Russian oil giant Lukoil and digital infrastructure like Evotor and Chestny Znak, disrupting payment terminals and authentication systems nationwide. The politically motivated operation caused significant service outages during the New Year holiday, demonstrating Ukraine's expanding offensive cyber capabilities.
Electrica Group
December 9, 2024
•[ ransomware, malware, energy ]
Electrica Group, a key player in the Romanian electricity distribution and supply market, is investigating a ransomware attack.
Refinadora Costarricense de Petróleo
November 27, 2024
•[ ransomware, malware, energy ]
Refinadora Costarricense de Petrleo (RECOPE), the state-owned energy provider for Costa Rica is hit with a ransomware attack, requiring the company to shift to manual operations and call in help from abroad.
ENGlobal Corporation
November 25, 2024
•[ ransomware, malware, energy ]
ENGlobal Corporation, a major contractor for the energy industry confirms in a notice to regulators that it is dealing with a ransomware attack that has hindered operations.
Tibber
November 10, 2024
•[ hack, energy ]
In November 2024, the German electricity provider Tibber suffered a data breach that exposed the personal information of 50k customers. The data included names, email addresses, geographic locations (city and postcode) and total spend on purchases. The data was provided to HIBP by a source who requested it be attributed to "Threat Actor 888".
Newpark Resources
October 29, 2024
•[ ransomware, malware, energy ]
Newpark Resources, a key supplier for oilfields says a ransomware attack caused disruptions and limited access to certain systems.
Government sites and nuclear facilities in Iran
October 12, 2024
•[ hack, ddos, government ]
Government sites and nuclear facilities in Iran are hit by disruptive cyberattacks.
Undisclosed nuclear-related organization
October 1, 2024
•[ espionage, malware, energy ]
Researchers at Kaspersky reveal that the Lazarus Group, the threat actor linked to the Democratic People's Republic of Korea (DPRK), has been observed leveraging a "complex infection chain" targeting at least two employees belonging to an unnamed nuclear-related organization. The attacks, part of Operation Dream Job, culminated in the deployment of a new modular backdoor referred to as CookiePlus,
Halliburton
August 21, 2024
•[ hack, energy ]
Halliburton, one of the world's largest providers of services to the energy industry, confirms a cyberattack that forced it to shut down some of its systems earlier this week.
Evolution Mining
August 8, 2024
•[ ransomware, malware, energy ]
Evolution Mining informs that it has been targeted by a ransomware attack, which impacted its IT systems.
Northern Minerals
June 4, 2024
•[ ransomware, malware, energy ]
Northern Minerals issues an announcement warning that it suffered a cybersecurity breach resulting in some of its stolen data being published on the dark web. The BianLian ransomware group claims responsibility for the attack,
Iberdrola
May 7, 2024
•[ leak, energy ]
Spanish multinational electrical utility Iberdrola says a cyber incident to a supplier in the beginning of May resulted in a data breach involving 850,000 Spanish customers.
Atlas
May 1, 2024
•[ ransomware, malware, energy ]
The Back Basta extortion group claims to have breached Atlas, one of the largest national distributors of fuel in the United States. Black Basta purportedly stole 730 GB of data
