Team OneFist Destroys Natural Gas System At Russian Oil Hub, Knocks Power Plant And Airport Offline

Team OneFist, the internationathat l group of volunteer hackers which has repeatedly hit Russian infrastructure in an effort to hobble its war effort in Ukraine, has struck again. This time, its SCADA attack has left an important Russian oil hub dark and cold.

An attack on supervisory control and data acquisition systems or SCADA, used to monitor and and quickly analyze real-time data, can disrupt industrial systems and power grids. It is also considered a very complex form of cyber attack.

Team OneFist had carried out a similar attack earlier, operation Paper Mill, which it said added to the paper shortage in Russia and affected troop logistics. The latest hack targeted the natural gas system of Khanty-Mansiysk city, the administrative center of the Khanty-Mansi Autonomous Region.

The attack destroyed the city's natural gas facility, knocked out its power plant and caused a blackout at its airport.

Voltage, the founder of Team OneFist, said that the attack was a "priority mission" that forced the group to drop all their other attacks to shift their focus to a "very valuable target."

As the world's second biggest oil producing region (before western sanctions hit Russian oil) Khanty Mansi was the center of the old Soviet oil industry.

The Khanty Mansi Autonomous Okrug region still is home to about 70% of Russia's developed oil fields, roughly 450 in total. This includes Samotlor, the largest oil field in Russia and the sixth largest in the world. It is also the home of Russia's major oil players including Lukoil, Rosneft and Gazprom-Neft.

The city also hosts the annual Biathlon World Cup competitions, a winter sport consisting of rifle shooting and cross-country skiing. It hosted the 2010 Chess Olympiads.

In an exclusive interview to International Business Times, Voltage said the group moved swiftly into the attack, after a "quick study of the city," as soon as they forced their way into the natural gas SCADA system. They quickly realized that the city is a strategic target and an attack would hit at the core of the Russian oil industry itself -- the main source of funds for the Russian war effort in Ukraine.

But it took Team OneFist weeks to "understand and interpret the SCADA system," considering its size and the hospital and civilian sites that could also be impacted by an attack. Voltage admitted that despite their research, they were not able to "see the backup system at the airport until the attack began," adding that they had to improvise on the fly.

The cyber attack was like watching a thriller unfold before one's eyes in real time. It lasted four hours, of which three hours were spent fighting against a counter-attack by a Russian operative that Team OneFist members named "Vlad."

Voltage boasted: "Vlad tried to save the system from the airport" but the team found him and destroyed his backup system, leaving him with nothing."

The Team OneFist founder admitted that the Russian operative "was good," but his luck ran out when Voltage's team "deleted the database."

The SCADA system of Khanty-Mansiysk city's natural gas network along with its backup system at the airport was completely destroyed in the attack. Team OneFist did a recee of the system again to see how successful the Russians have been in restoring it, but "18 hours later the systems are still down." Voltage said this shows the city "had no other backups and will have to rebuild from scratch."

Voltage, however, clarified that Team OneFist scrupulously observes the rules of war and had taken steps to avoid potential damage to hospitals and civilians. The latest hack was launched by Team OneFist's new Ukrainian team members and Voltage as a "joint training-mission" to give the new members "a feel of what a SCADA attack is like."