Berlin prosecutors have formally charged a 30-year-old German man accused of carrying out the Rosneft cyberattack in March 2022, an incident that severely disrupted one of Germany’s most critical energy companies and caused millions of euros in damages.
The Berlin Public Prosecutor’s Office announced that the suspect faces two counts of data espionage, including one charge of particularly serious computer sabotage. According to investigators from the Federal Criminal Police Office (BKA), the hacker infiltrated the systems of Rosneft Deutschland GmbH, stole around 20 terabytes of data, and deleted critical files that formed part of Germany’s critical infrastructure in the energy sector.
Anonymous Germany Hack Targeted Critical Infrastructure
The Rosneft Deutschland cyberattack unfolded just weeks after Russia launched its full-scale invasion of Ukraine, placing European energy companies under pressure. Rosneft Deutschland, the German subsidiary of Russia’s state-owned oil giant, was classified as part of the country’s critical infrastructure and became a target for hacktivist activity.
The man accused was allegedly linked to Anonymous Germany, a hacking group that publicly claimed responsibility for the breach. The hackers said their attack was motivated by Rosneft’s ties to Russian President Vladimir Putin and its attempts to evade international sanctions.
Screenshots later posted online suggested the attackers had administrator rights over dozens of systems, including at least 59 Apple devices. The hackers also embedded the slogan “Glory to Ukraine” into Rosneft’s infrastructure, framing the attack as a protest against Russia’s war.
Cyberattack After Russia’s Invasion Caused Millions in Damages
The financial impact of the Rosneft cyberattack was severe. Prosecutors said Rosneft Deutschland was forced to shut down its IT systems entirely, launch a forensic investigation, and initiate emergency recovery operations. These actions alone cost the company around €9.76 million ($11.39 million).
In addition, delivery logistics and business operations were severely disrupted, leaving the company unable to negotiate short-term energy contracts or respond to volatile market conditions. The disruptions caused an additional €2.59 million ($2.84 million) in losses, bringing total damages to well over €12 million.
While the cyberattack on critical infrastructure disrupted internal communications and caused temporary delivery issues, prosecutors noted it did not lead to a major interruption in oil supply for the Berlin-Brandenburg region.
20 Terabytes of Data Stolen in Rosneft Cyberattack
Investigators allege the hacker stole approximately 20 terabytes of data during the March 2022 intrusion. The files were later published on a website reportedly run by the accused and two other members of Anonymous.
The website, which displayed lists of stolen files and documents, was active until mid-2023 but has since been taken offline. According to prosecutors, the Rosneft cyberattack compromised not only corporate data but also threatened the stability of operations at a time when Europe was facing a major energy crisis.
Berlin Prosecutor Pursues Computer Sabotage Charges
The Berlin Public Prosecutor’s Office has filed charges with the Tiergarten District Court, which will now decide whether to proceed with a full trial. If convicted of computer sabotage and data espionage, the suspect could face a lengthy prison sentence under Germany’s cybercrime laws.
The case is notable not only for the scale of the data theft but also because it highlights the role of hacktivist groups like Anonymous Germany in blending political motives with digital sabotage.
Germany’s Federal Office for Information Security (BSI) said at the time that the attack highlighted vulnerabilities in the country’s critical infrastructure cyber defense. Officials warned that even though Rosneft was able to avoid a full supply crisis, the case showed how cyberattacks on critical infrastructure could ripple through energy markets and disrupt essential services.
A Broader Conflict in Cyberspace
The Rosneft cyberattack is one example of how the war in Ukraine extended beyond physical battlefields into cyberspace. While governments, militaries, and corporations have dealt with conventional attacks and sanctions, hacktivist collectives like Anonymous have waged their own campaigns online.
For Rosneft Deutschland, the incident remains a costly reminder of how vulnerable critical energy companies can be. For German prosecutors, the upcoming trial could set an important precedent in holding individuals accountable for politically motivated cyberattacks on critical infrastructure.
