PDVSA Cyberattack Disrupts Production


Venezuela’s state-owned oil giant Petróleos de Venezuela (PDVSA) suffered a major cyberattack over the December 13-14, 2025 weekend, halting oil exports and exposing vulnerabilities in critical energy infrastructure. The incident disrupted systems at key crude terminals, forcing a temporary shutdown of cargo deliveries amid heightened U.S.-Venezuela tensions.

Attack Timeline and Impact

The breach targeted PDVSA’s central export management systems, leaving operations offline into December 15 and causing tankers to make U-turns. An internal memo directed staff to isolate networks, disable WiFi and Starlink, and switch to manual processes, hinting at ransomware tactics. Despite official claims of minimal disruption to production, sources confirmed no oil loadings occurred initially, amplifying economic strain on Venezuela’s oil-dependent economy.

Geopolitical Finger-Pointing

PDVSA quickly attributed the attack to the U.S. government and “domestic traitors,” tying it to a recent U.S. seizure of a PDVSA tanker with 2 million barrels of oil—the first such action since 2019 sanctions. This fits a pattern of cyber tensions, including U.S. blockades on sanctioned vessels. No independent attribution has confirmed state involvement, but the timing underscores hybrid threats blending cyber and sanctions warfare.

Containment and Resilience

PDVSA isolated oilfields, refineries, and ports from the compromised core, resuming deliveries by December 17 with manual oversight. Chevron successfully loaded two U.S.-bound cargoes that day, signaling recovery. For cybersecurity pros tracking CISA KEV trends, this highlights the need for air-gapped OT networks and rapid segmentation in energy sectors.
