On 17 July, cyber specialists of the Ukrainian Main Intelligence Directorate(Hlavne Upravlinnja Rozvidky, ГУР) conducted a large-scale cyber attack against the IT systems of the Russian company Gazprom.
The news was reported to the national public broadcaster Suspilne by sources within Ukrainian intelligence.

GUR and Suspilne: military intelligence and official source

The GUR is the military intelligence agency of the Ministry of Defence of Ukraine. In addition to espionage and data collection activities, the agency is active in cyber-warfare operations and strategic digital sabotage.
Suspilne, on the other hand, is the Ukrainian public service television and radio network, considered an official and authoritative source for institutional communications.

Extensive damage: loss of critical data and compromised infrastructure

The attack reportedly resulted in the destruction of large volumes of data, backups, corporate databases, and technical analyses of infrastructure such as pipelines and industrial sensors. Several server components were physically damaged, including SCADA systems and BIOS units, preventing machines from being switched on.

In detail, the reported damages include:

• Backup of Gazprom’s centralinformation system;
• Database of approximately 390 subsidiaries, including Gazprom Teplo Energo, Gazprom Obl Energo and Gazprom Energozbyt;
• Management data on 1C platforms, with legal documentation, contracts and internal regulations;
• Auxiliary systems for data protection, server administration and access control;
• Analytical bases for valves, pumps, industrial sensors and pipeline infrastructure;
• SCADA servers used in the operational and technical management of critical infrastructures;
• Compromised operating systems and BIOS, requiring manual intervention for recovery.

According to the GUR, more than 20,000 administrators lost access to the compromised systems.

Destructive software and inability to restart

In addition to the direct damage, Ukrainian specialists installed software designed to continue deleting data on the affected systems. Some servers are no longer bootable and require hardware interventions on physical components such as the motherboard or BIOS memory.

The ironic statement of Ukrainian intelligence

“The degradation of Russian information systems towards the technological medieval age continues. We take this opportunity to congratulate the Russian ‘cyber experts’ on yet another ‘conquest’ and advise them to gradually replace mice and keyboards with hammers and pliers, which will become the main tools of their trade,” a GUR source told Suspilne ironically.

Previous cyber operations conducted by the GUR

The attack on Gazprom is part of a broader cyber-warfare strategy conducted by Ukrainian military intelligence. Among the most relevant previous operations:

• May 2024: attack on the Ministry of Labour of the Russian Federation, blocking internal systems and publishing confidential data on the dark web.
  🔗 RBC.ua (in Ukrainian)
• April 2024: compromise of the Kremlin’s internal network, with the exfiltration of emails and documents belonging to senior officials.
  🔗 Ukrinform.net
• February 2024: targeted attack on the systems of the Russian public sector IT provider ‘ЛАНІТ’ (LANIT), causing disruptions in government communications.
  🔗 Liga.net (in Ukrainian)
• December 2023: Computer sabotage against the Russian railway company RZhD, resulting in large-scale delays in freight and passenger transport.
  🔗 NV.ua (in Ukrainian)

The GUR operations demonstrate an advanced technical capability and long-term strategic vision in weakening Russian critical infrastructure through digital means, confirming the increasingly hybrid and complex nature of the conflict.