Ukrainian cyber military command conducted crippling cyberattack on Russian energy behemoth Gazprom this week, destroying vital infrastructure and wiping out huge databases in one of Russia-Ukraine war’s most destructive cyber operations

Internal sources at Ukraine’s Military Intelligence Directorate (HUR) verified for the Kyiv Independent that their top Cyber Corps unit hacked into Gazprom’s inner network on July 17th, launching custom-made malware that would cause lasting havoc on the state-owned institution that is powering Russia’s war effort.

Digital Annihilation Technique

The Ukrainian hackers wrought record-level physical damage:

Ongoing Data Wipe: Principal servers, backup servers, and 10 high-capacity 1C servers—handling Gazprom’s contracts, finance, and technical operations—were wiped clean systematically.

Hardware Sabotage: BIOS firmware virus-infected and operating systems erased from computers, requiring physical component replacement.

“Logic Bomb” Deployment: Dormant malware continues to cripple systems days after initial penetration.

20,000 Administrators Locked Out: IT staff throughout Russia continue to be locked out of internal networks.

HUR’s official statement constructed the attack as revenge:

“We are taking Russian energy infrastructure back to the technological Stone Age. Occupiers should trade keyboards for hammers.”

Strategic Paralysis

The strike crippled on purpose Gazprom’s revenue sources and activities:
390 Subsidiaries Frozen: Including key divisions such as Gazprom Teplo Energo (electricity/heating) and Gazprom Energozbyt (sales).

SCADA Systems Disabled: Real-time monitoring of pipeline pressure, valves, and pumps disabled throughout Russia’s 170,000-km gas network.

Economic Warfare Success: Destruction of contract database stops exports to Asia—Gazprom’s only lifeline since EU sanctions slashed its European market by 80%.

Silence Speaks Volumes

Strangely, neither the Kremlin nor Gazprom made an official comment—a welcome break from Russia’s usual propaganda reaction to Ukrainian missile attacks. Cyber experts take the silence as evidence of devastating damage.

Pressure from Moldova Increased Days Later
Moldova ramped up pressure days later, supporting UK sanctions on GRU cyber units and denouncing attacks on “European security”—a thinly veiled objection against Ukraine’s hackers.

Punishment-Seeking Hackers’ Pattern
The attack is following a pattern of relentless strikes from Ukraine’s military cyber units:

July 9, 2025: HUR hackers erased 47TB of data at Russian drone manufacturer Haskar Integration.

July 15, 2025: DDoS crashes Gazprom/Gazpromneft customer portals—a salute to Ukraine’s 1918 Heroes of Kruty.

May 2025: Orion Telecom internet backbone sabotaged, Russian military communications disrupted.

Why Gazprom?

Gazprom paid $11 billion into Russia’s Q1 2025 federal budget—money used for missiles now battering Ukrainian cities. As HUR Cyber Commander Illia Vitiuk announced in June:

“Our task is to burn the occupier’s infrastructure—first, virtually, and then physically.”

Leaked FSB reports in 2023 had alerted against Gazprom’s vulnerable Soviet-era control systems, but repairs were postponed to fund weapons production. Ukrainian hackers took advantage of these vulnerabilities mercilessly.

Expert Insight
Maria Chernyshova (Cyber Conflict Analyst, Atlantic Council):

“This is beyond classic hacking. BIOS corruption has low-level system access—it’s code-enabled physical sabotage. Ukraine’s cyber military now competes with nation-states.”

Kirill Budanov (HUR Chief) suggested escalation in a June Politico interview:

“The weaker Russia’s logistics, the fewer missiles hit Kharkiv. Cyber warfare saves Ukrainian lives.”

The Human Impact
Although Kyiv Independent could not confirm physical damage scales independently, Gazprom employees reported pandemonium on Russian tech forums:

“Servers are dead. Not offline—DEAD.” (User SysAdmin_Gasprom)

“1C databases gone. Years of contracts vanished.” (User FinControl_Tyumen)

What’s Next?
Recovery would take months, prompting Gazprom to:

Suspend new contracts with China/Turkey

Delay Arctic LNG projects

Rely on paper-based operations

Russia can retaliate in kind with destabilizing strikes on European energy infrastructure, but cyber warriors out of Ukraine have proven to be more technically sophisticated than Moscow’s GRU-sponsored “hacktivists.”

Conclusion

This attack is a departure from the norm: Ukrainian military hackers have moved beyond disruption to targeted infrastructure destruction. While Gazprom frantically substitutes servers with typewriters, the cyber front is as dramatic as the battlefield