The German wind industry has been the victim of a series of cyberattacks for more than two months, the beginning of the invasion of Ukraine. While the attribution of these attacks is complex, there are indications that point to Russia. Cybercrime, collateral damage or state action, they are in any case in the direction of Moscow’s interests.
The Russian shadow hovers over the cyber attacks
Three companies have been hit since the conflict in Ukraine began on February 24, according to a count by the Wall Street Journal. Enercon GmbH, a turbine manufacturer and one of the world’s leading wind power companies, was the first to be targeted. The order for 5,800 wind turbines was taken out of service in the first hours of the conflict.
Most were able to continue running in automatic mode and Enercon released a press release on April 19 to state that 95% were back online. The company took the opportunity to confirm ” that the disruption was caused by a cyberattack “, it states, however, ” Enercon and Enercon’s customers were not the direct target “.
Unluckily, Enercon, like other organizations, was the indirect victim of the hacking of the KA-SAT satellite operated by Viasat. This cyberattack, most likely of Russian origin, was aimed at disrupting Ukrainian communications and was partly successful, while causing a lot of collateral damage.
The other two companies affected by cyber attacks were, this time, directly targeted. Nordex, a turbine manufacturer, and Windtechnik, a maintenance company, were both victims of ransomware on March 31 and April 12. Both had to shut down their computer systems, in the case of Windtechnik the remote control system of 2,000 wind turbines was shut down for one or two days.
In the case of Nordex, the origin of the ransomware was claimed by the Conti group. This group of cybercriminals made news at the beginning of the war in Ukraine for its internal divisions. Pro-Russian, one of its pro-Ukrainian members leaked some of the group’s internal information.
Security experts mobilized at Windtechnik are trying to find out if Conti could be behind the cyberattack. According to the Wall Street Journal there would be links between Conti and the Russian services.
Wind turbines, critical infrastructure in Germany
Remote-controlled or not, these attacks are rather welcome for the Kremlin. Faced with European sanctions, Russia has a powerful lever: hydrocarbons. Europe is 40% dependent on Gazprom and therefore on Vladimir Putin for its gas deliveries. This is particularly true for Germany, 55% of which comes from Russia.
Moscow has just proved that it will not hesitate to use this lever. Gazprom has suspended gas deliveries to Poland and Bulgaria, under the pretext that it was not paying in rubles. An obligation introduced on April 1 in Russia for “unfriendly” states.
Wind turbines account for 20% of the German energy mix, by trying to make them inoperative an official or unofficial support hopes to worsen German dependence on Russian gas. The three attacks had a limited impact and their motivation partly undetermined, but they have the merit of questioning the strategic nature of the targeted companies and the resulting need for cybersecurity.
.
