Pentest for national gas storage & transit operator
BlackBox assessment of SAP ERP and the IT backbone underpinning Ukraine's underground gas storage network.
UkrTransGaz operates Ukrainian UGS facilities and is responsible for upgrading and constructing gas pipelines and their objects. The company managed the Ukrainian gas transmission network until 2020.
UkrTransGaz owns 12 underground storage facilities located across Ukraine, with an active volume of 31 bcm — proportionate to UGS facilities of Italy, France, Hungary and Austria put together.
UkrTransGaz recognised the paramount importance of securing its core SAP ERP system and associated IT assets. This mission-critical infrastructure underpins gas storage and transportation operations, requiring a proactive assessment of cybersecurity resilience.
A targeted pentesting initiative was undertaken, zeroing in on the SAP ERP environment and its supporting IT infrastructure. The evaluation spanned network and application layers, scrutinising organisational security aspects like processes and controls.
Testing encompassed scenarios involving external and internal network attack vectors, simulating both remote attackers and insider threats. The BlackBox assessment was selected — with limited information, mimicking real-world attack scenarios without prior system knowledge.
Our pentesting methodology is based on leading standards — PTES, NIST SP 800-115, OSSTMM, OWASP — and improved by our own 15 years of experience.
During pentesting, a full set of common pentester tools was used — but the main key to success was manual analysis: interconnecting individual vulnerability exploitation results to escalate privileges and demonstrate practical IT-infrastructure compromise.
The rigorous assessment unveiled potential vulnerabilities and exploitation paths that could jeopardise the confidentiality, integrity, and availability of UkrTransGaz's critical SAP ERP system and IT backbone.
Comprehensive remediation guidance empowered the client to prioritise and implement robust security enhancements. By diligently addressing the findings, UkrTransGaz fortified defences against cyber threats, safeguarding business continuity and the reliability of gas storage and transit operations at national level.
Moreover, the assessment highlighted opportunities to bolster security processes, policies, and the overall cybersecurity posture — fostering an environment of continuous improvement and resilience against evolving threats.
More case studies
View allUkrhydroenergo
Two-phase external and SCADA-focused internal testing for the largest hydro generator in Ukraine.
Read case studyPrykarpattiaoblenergo
Phishing simulation and BlackBox web app pentest for a major Ukrainian electricity distributor.
Read case studyCarlsberg
A decade of pentesting partnership with one of the world's leading brewery groups.
Read case studyHave a similar
challenge in mind?
We'll scope a senior-led penetration test against your specific environment — and deliver Technical, Executive and Action-plan reports that translate findings into business decisions.
- Reply within one business day
- NDA on request — no obligation
- Speak directly with our Head of OffSec
- Tailored scope & clear pricing