Ukrainian hackers have reportedly wiped servers, clouds and backups, crippling the control systems in an unprecedented cyberattack on Russia’s gas champion Gazprom, Euromaidan Press reported on July 19.

The Ukrainian cyber operation has reportedly destroyed the core digital infrastructure of Russia’s state-owned gas giant, in an attack described by Ukrainian defence officials as “unprecedented” in scale and depth, according to sources within Ukraine’s Defence Intelligence (HUR).

The hackers are said to have accessed and then wiped data from Gazprom’s physical servers, cloud storage and backup systems, targeting critical components that manage the company’s gas distribution, financial operations and internal processes. According to the HUR source, “Ukraine’s intelligence operatives obtained full access to all of Gazprom’s information systems”, including analytics platforms, internal servers and digital accounts across the company’s operational network.

The attack comes as Ukraine is increasingly taking the fight to Russia after enduring more than three years of an invasion and now an escalating missile war that has seen the number of drone and missile attack balloon.

Last month, Ukraine’s special service carried out Operation Spiderweb on June 1 where drones smuggled deep into the interior of Russia’ heartline destroyed billions of dollars’ worth of irreplaceable long-distance strategic bombers.

In addition to the cyberattack, Ukraine has begun to target Moscow again with its long-range drones. Three drones hit targets in Moscow over the weekend, despite US President Donald Trump’s recent admonition, advising Kyiv not to bomb Moscow.

Gazprom operational meltdown

A sustained Ukrainian drone attack on Russia caused Moscow's major airports to be temporarily closed and saw at least 140 flights cancelled on July 20, officials said. More than 230 Ukrainian drones have been downed over Russia since Saturday morning – including 27 over the capital – according to the Russian defence ministry.

Not only is the cyberattack on Gazprom humiliating, it could potential cause major economic damage. It has long been a pillar of the Kremlin’s economic and geopolitical strategy, often referred to as “Russia’s second budget” for its role in financing state operations. Despite severe international sanctions that have significantly reduced its revenues, Gazprom continues to provide funding for Russia’s military efforts in Ukraine.

Suspilne reported that the cyberattack, which took place on July 17, began with a full infiltration of Gazprom’s IT systems and concluded with the systematic erasure of all digital assets. “The operation began with full infiltration and ended with a coordinated deletion of all available data – including security systems, server control modules, and support networks,” the HUR source said.

Prior to the deletion, Ukrainian operatives reportedly extracted hundreds of terabytes of data, including over 20,000 user accounts bearing electronic signatures. These accounts covered all tiers of Gazprom’s hierarchy, giving Ukrainian intelligence full access to the company’s internal architecture.

The breach reportedly affected more than 390 subsidiaries and branches, including Gazprom Teplo Energo, Gazprom Obl Energo and Gazprom Energosbyt. It extended into SCADA and GIS systems, which are used to manage gas pressure, flow distribution and infrastructure monitoring. According to the source, “These platforms were completely wiped from both servers and cloud environments.”

Additional deletions included Gazprom’s financial records, tax filings, contracts, legal documentation and operational modules related to tariffs, payments, customer volumes and regulatory compliance. The attack also disabled administrative systems, internal directives and 1С server clusters, which contained corporate files for Gazprom and its affiliates.

The HUR source warned that the scale of the attack could result in a partial or complete collapse of Gazprom’s operational capacity. “Without operational systems, the state corporation may be unable to sign new contracts, manage its gas supply network, or maintain stable financial operations,” the source told Suspilne. Potential outcomes include gas delivery disruptions, defaults on obligations and devaluation of Gazprom’s stock, with possible knock-on effects for banks exposed to the company.

The cyber operatives used custom-developed tools to ensure all backups were permanently erased, eliminating any recovery path for the lost data, the source said.