A threat actor known as Desec0x has claimed to possess a database allegedly stolen from the State Grid Corporation of China (SGCC), offering it for sale on the nuovo BreachForums. In the post, Desec0x claimed a cyberattack on SGCC and stated to have gained access through a third-party network, allowing them to exfiltrate sensitive data. The threat actor claimed that multiple databases containing user account information, user details, department information, and roles were accessed. The employee information allegedly includes headers such as eID, username, phone number, email, employee number, username, and password. The database is allegedly available in SQL and XLSX formats for US$1,000.

Potential Implications of Cyberattack on SGCC

Established on December 29, 2002, SGCC is the largest utility company in the world and consistently ranks second on the Fortune Global 500 list. SGCC operates as a group with RMB 536.3 billion in registered capital and employs 1.72 million people. It provides power to over 1.1 billion people across 26 provinces, autonomous regions, and municipalities, covering 88% of China's national territory. Additionally, SGCC owns and operates overseas assets in countries such as the Philippines, Brazil, Portugal, Australia, and Italy. If the claims of the cyberattack on SGCC made by Desec0x are proven to be true, the implications could be far-reaching. The sensitive nature of the data allegedly stolen, including personal and departmental information of SGCC employees, could have serious consequences for the company and its stakeholders. However, upon accessing the official SGCC website, no signs of foul play were detected, and the website appeared to be functioning normally.

Global Context of Cyberattacks in the Energy Sector

The energy sector has been increasingly targeted by cyberattacks, often involving third-party data breaches. According to Security Intelligence, 90% of the world’s top energy companies suffered from third-party data breaches in 2023. Additionally, nearly 60% of cyberattacks in the energy sector are attributed to state-affiliated actors. In late 2023, 22 energy firms were targeted in a large-scale coordinated attack on Danish infrastructure. In April 2024, a group called Cyber Army Russia claimed responsibility for a cyberattack on Consol Energy, a prominent American energy company headquartered in Cecil Township, Pennsylvania. This cyberattack reportedly disrupted the company's website accessibility, causing issues for users outside the United States. In March 2024, a dark web actor was reportedly selling access to an Indonesian energy company, believed to be the same threat actor who targeted an American manufacturer. In 2023, a suspected cyberattack on Petro-Canada was officially confirmed. Suncor Energy, the holding company of Petro-Canada, acknowledged that an IT outage over the weekend was indeed a cyberattack. The company stated that it took immediate action upon discovering the attack, collaborating with third-party experts to investigate and address the situation. This incident caused significant disruptions to Petro-Canada's operations, affecting gas stations and preventing customers from accessing the Petro-Canada app and website. In the case of the State Grid Corporation of China, the claims made by Desec0x remain unverified until an official statement is released by SGCC. Without confirmation from the company, the alleged cyberattack on SGCC and data breach cannot be substantiated. Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.