Cyberattacks have hit at least three wind power firms in Germany in the two months since Russia invaded Ukraine. A European wind power industry association says the timing of the hacks suggests possible links to hackers sympathetic with Russia aiming to wreak havoc on European renewable energy systems as Europe looks to cut its reliance on Russian fossil fuels. German firms Enercon, Nordex Group, and Deutsche Windtechnik have all reported cyber incidents in recent weeks. Earlier this month, Conti, a group that declared support for Russia at the start of the war in Ukraine, claimed responsibility for the attack on Nordex.
The cyberattacks on Germany-based wind power companies began on the day on which Russia invaded Ukraine—February 24.
Turbine maker Enercon GmbH announced a massive disruption of the satellite communication following a cyberattack on a satellite that day.
“Communication services provided via the satellite went down at almost exactly the same time that Russian troops invaded Ukraine,” Enercon said last week in its latest update on the cyber incident. Around 30,000 satellite terminals used by companies and organizations from various sectors were affected across Europe, including 5,800 Enercon wind energy converters (WECs) in central Europe with a total installed power of more than 10 gigawatts.
“The incident is suspected to have happened in connection with the Russian war of aggression, the disruption of the communication to the WECs is collateral damage,” Enercon said, noting that “There is no risk to the WECs and never has been.”
Earlier this month, another turbine maker, Nordex, reported a cyber security incident was detected on March 31, and response measures were initiated immediately. The company shut down IT systems across multiple locations and business units.
“Preliminary results of the analysis suggest that the impact of the incident has been limited to internal IT infrastructure,” Nordex said in an update on April 12.
Russia-backing Conti ransomware group claimed responsibility for the cyberattack on Nordex a few days later.
In late February, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) said in an alert that “Conti cyber threat actors remain active and reported Conti ransomware attacks against U.S. and international organizations have risen to more than 1,000.”
“A portion of actors involved with Conti ransomware are based in Russia and some criminals operating from there already have documented ties with Russian intelligence apparatus,” Kimberly Goody, a director with U.S. cybersecurity company Mandiant, told Reuters when the hacker group announced its support for Russia and threatened to attack Russian “enemies” if they respond to Putin’s invasion of Ukraine.
The latest cyberattack on the wind power sector in Germany was against Deutsche Windtechnik, which maintains wind turbines. Deutsche Windtechnik’s IT systems were targeted by a cyberattack early on April 12, the company said, noting that “the wind turbines that we look after did not suffer any damage and were never in danger.”
The timing of the attacks on German wind power firms suggests potential links to supporters of Russia’s invasion of Ukraine, Christoph Zipf, a spokesman for industry group WindEurope, told The Wall Street Journal this week.
Cyberattacks have been taking place while Germany and the whole of the EU are trying to reduce their reliance on Russian fossil fuels.
Germany, which has been the main opponent to an imminent full embargo on Russian oil imports to the EU, said on Tuesday that it hoped to find replacements for its Russian oil supply “within days,” according to Economy Minister Robert Habeck.
“Today I can say that an (oil) embargo has become manageable for Germany,” Habeck told reporters during a visit to Poland, as carried by Reuters.
By Tsvetana Paraskova for Oilprice.com
Related Stories
