The German wind sector has been the victim of a series of cyberattacks for more than two months, since the start of the invasion of Ukraine. While the attribution of these attacks is complex, clues point to Russia. Whether cybercrime, collateral damage or state action, they serve Moscow’s interests either way.
The Russian shadow hangs over cyberattacks
Three companies have been affected since the start of the conflict in Ukraine on February 24, according to a count by The Wall Street Journal. Enercon GmbH, which specializes in the manufacture of turbines and is one of the world’s major players in wind power, was the first target. Remote control of 5,800 wind turbines was taken out of service in the early hours of the conflict.
Most were able to continue running in automatic mode, and Enercon issued a statement on April 19 declaring that 95% were back online. The company took the opportunity to confirm “that the disruption was caused by a cyberattack”, while specifying that “Enercon and Enercon customers were not the direct target”.
Unluckily, Enercon, like other organizations, was an indirect victim of the hacking of the KA-SAT satellite operated by Viasat. This cyberattack, most likely of Russian origin, aimed to disrupt Ukrainian communications and was partially successful, while causing a host of collateral damage.
The other two companies affected by cyberattacks were, this time, directly targeted. Nordex, a turbine manufacturer, and Windtechnik, a maintenance company, were victims of ransomware on March 31 and April 12 respectively. Both had to shut down their computer systems; in the case of Windtechnik, the remote control system of 2,000 wind turbines was cut off for one or two days.
In the case of Nordex, the ransomware was claimed by the Conti group. This group of cybercriminals made headlines at the start of the war in Ukraine for its internal divisions: the group is pro-Russian, and one of its members, who is pro-Ukrainian, leaked a quantity of the group’s internal information.
Security experts working with Windtechnik are trying to find out whether Conti could be behind this cyberattack. According to The Wall Street Journal, there are reportedly links between Conti and the Russian services.
Wind turbines, critical infrastructure in Germany
Orchestrated or not, these attacks are rather welcome for the Kremlin. Faced with European sanctions, Russia benefits from a powerful lever: hydrocarbons. Europe depends on Gazprom, and therefore on Vladimir Putin, for 40% of its gas deliveries; this is particularly true for Germany, 55% of whose gas comes from Russia.
Moscow has just proved that it would not hesitate to use this lever. Gazprom has suspended gas deliveries to Poland and Bulgaria on the pretext that they do not pay in roubles, an obligation Russia put in place on April 1 for “unfriendly” states.
Wind turbines represent 20% of the German energy mix; by trying to make them inoperative, Russia’s official or unofficial supporters hope to worsen Germany’s dependence on Russian gas. The three attacks had a limited impact and their motivation remains partly undetermined, but they have the merit of raising the question of the strategic nature of the companies targeted and the resulting need for cybersecurity.