MENR
Company Details
Linkedin ID:
ministry-of-energy-&-natural-resources
Website:
Employees number:
226
Number of followers:
712
NAICS:
921
Industry Type:
Homepage:
enerji.gov.tr
IP Addresses:
0
Company ID:
MIN_1862902
Scan Status:
In-progress
Ministry of Energy & Natural Resources Company CyberSecurity Posture
enerji.gov.tr
The Ministry of Energy and Natural Resources (MENR) was established upon Presidential Approval No. 4-400 dated 25.12.1963. According to Law No. 3154, the purpose of the Ministry of Energy and Natural Resources is to help define targets and policies related to energy and natural resources in a way that serves and guarantees the defense of our country, security, welfare, and strengthening of our national economy; and to ensure that energy and natural resources are researched, developed, generated and consumed in a way that is compatible with said targets and policies. The mission of MENR is stated in the Strategic Plan Year 2010-2014 as following: "It is our mission to ensure efficient, effective safe and environment-sensitive use of energy and natural resources in a way that reduces external dependency of our country, and makes the greatest contribution to our country's welfare."
Ministry of Energy & Natural Resources A.I CyberSecurity Scoring
MENR Risk Score (AI oriented)Between 700 and 749
MENR
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
MENR Global Score (TPRM)XXXX
MENR
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
MENR Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
Romania’s Ministry of Energy
Cyber Attack
Rankiteo Explanation
Attack threatening the economy of geographical region
Description: Romania’s Ministry of Energy is establishing a **Cybersecurity Incident Response Center in Energy (CSIRT)** in response to escalating cyber threats targeting the national energy sector. The initiative is driven by the liberalization of the energy market, geopolitical tensions (notably Russia’s war in Ukraine), and the risk of **multi-pronged cyberattacks** that could disrupt critical infrastructure, trigger panic, and destabilize energy prices. The ministry warns that without this center, cyberattacks could inflict **significant damage** on energy systems, with cascading effects on regional security—given Romania’s role as an electricity supplier to Moldova and Ukraine. The urgency stems from the potential for **large-scale attacks on national infrastructure**, including energy grids, which could paralyze services, harm civilian trust, and even threaten **strategic alliances**. The center will focus on **real-time monitoring, incident response, and forensic analysis** to mitigate risks. Failure to secure the sector could lead to **systemic failures**, financial losses, and geopolitical repercussions, given Romania’s position as a **regional security provider**. The ministry is investing in high-level cybersecurity talent (with salaries up to **€20,000**) to counter advanced threats, signaling the severity of the risk.
MENR Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for MENR
Incidents vs Public Policy Offices Industry Average (This Year)
Ministry of Energy & Natural Resources has 20.48% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
Ministry of Energy & Natural Resources has 56.25% more incidents than the average of all companies with at least one recorded incident.
Incident Types MENR vs Public Policy Offices Industry Avg (This Year)
Ministry of Energy & Natural Resources reported 1 incidents this year: 1 cyber attacks, 0 ransomware, 0 vulnerabilities, 0 data breaches, compared to industry peers with at least 1 incident.
Incident History — MENR (X = Date, Y = Severity)
MENR cyber incidents detection timeline including parent company and subsidiaries
MENR Company Subsidiaries
The Ministry of Energy and Natural Resources (MENR) was established upon Presidential Approval No. 4-400 dated 25.12.1963. According to Law No. 3154, the purpose of the Ministry of Energy and Natural Resources is to help define targets and policies related to energy and natural resources in a way that serves and guarantees the defense of our country, security, welfare, and strengthening of our national economy; and to ensure that energy and natural resources are researched, developed, generated and consumed in a way that is compatible with said targets and policies. The mission of MENR is stated in the Strategic Plan Year 2010-2014 as following: "It is our mission to ensure efficient, effective safe and environment-sensitive use of energy and natural resources in a way that reduces external dependency of our country, and makes the greatest contribution to our country's welfare."
Loading...
MENR Similar Companies
Permanent Mission of Nigeria to the United Nations, New York
Permanent Mission of Nigeria to the United Nations, New York is a Diplomatic Mission that represents Nigeria at the United Nations Headquarters in New York. It aims to facilitate Nigeria's relations with member states on issues touching on cooperation in international law, international security, ec
Campaign for Stronger Democracy
The Campaign for a Stronger Democracy will create a more powerful democracy reform movement by convening the broad range of individuals and organizations seeking to strengthen our democracy. Our work will not be done until the work of the whole democracy reform movement is done, ranging from electio
HCM Strategists
HCM Strategists (HCM) is a nationally renowned, woman-owned, and impact-driven consulting firm committed to advancing social and economic mobility through postsecondary education and career-connected learning. Since our founding in 2008, we have worked to eliminate inequities that prevent individual
Southern Plains Tribal Health Board
Welcome to the Southern Plains Tribal Health Board (SPTHB), a non-profit organization located in the heart of Oklahoma City, Oklahoma. Established in 1972, our mission is to serve as a unified voice, addressing the crucial tribal public health needs and policies of the 43 federally recognized tribes
ITUP
The mission of Insure the Uninsured Project (ITUP) is to advance creative and workable policy solutions that expand health care access and improve the health of Californians, through policy-focused research and broad-based stakeholder engagement. As an independent facilitator and honest broker, ITU
10,000 Friends of Pennsylvania
As Pennsylvania’s economy and population changes, 10,000 Friends of Pennsylvania generates credible, workable solutions for the Commonwealth’s future. Through services including public policy development, research, technical assistance, coalition building, advocacy, and education, we create land use
.png)
MENR CyberSecurity News
November 27, 2025 03:15 PM
German government to revise the grid connection procedure for large battery energy storage systems
German Federal Minister for Economic Affairs and Energy Katherina Reiche announced that the government intends to revise the grid connection...
November 27, 2025 01:43 PM
Concerned stakeholders petition Energy Minister over governance issues at GRIDCo
A group calling itself Concerned Citizens and Stakeholders in Ghana's power sector has petitioned the Minister of Energy to investigate what...
November 27, 2025 12:47 PM
UAE President appoints Undersecretary of the Ministry of Industry and Advanced Technology
President His Highness Sheikh Mohamed bin Zayed Al Nahyan has issued a federal decree appointing Hasan Jasem Nasser Al Nowais as...
November 27, 2025 11:11 AM
Opening Remarks delivered by the Permanent Secretary of the Ministry of Energy, Commerce and Industry of the Republic of Cyprus, Mr Marios Panayides, on behalf of the Minister of Energy, Commerce and Industry of the Republic of Cyprus, at the conferenc
It is a great honour to address you today on behalf of the Minister of Energy, Commerce and Industry, who conveys his full support for the...
November 27, 2025 10:30 AM
Another missing miner's body found at Inhulska uranium mine after accident
УНН Society ✎ The body of the miner was found on November 27 at the Inhulska mine of the SkhidHZK. He died as a result of an accident,...
November 27, 2025 08:16 AM
Indonesian industries begin energy transition, but coal remains necessary: DBS
Indonesia shifts toward cleaner energy, with natural gas leading coal alternatives, but coal remains needed for reliable supply during...
November 26, 2025 07:02 PM
Kuwait highlights carbon management, energy initiatives
KUWAIT: Undersecretary of the Ministry of Oil, Sheikh Dr Nimr Fahd Al-Malik Al-Sabah, affirmed on Wednesday that Kuwait showcased its...
November 26, 2025 03:07 PM
Zimbabwe: Steering Committee of GET.pro Country Window Confirms Drive for Clean Energy Investment
Inaugural meeting marks an important step towards strengthening the enabling environment for private sector investment.
November 26, 2025 12:01 PM
Nigeria: African Development Bank Group loans $500 million to support economic governance and energy transition
The Board of Directors of the African Development Bank Group, meeting in Abidjan, approved a $500 million loan to the Government of the...
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
MENR CyberSecurity History Information
Official Website of Ministry of Energy & Natural Resources
The official website of Ministry of Energy & Natural Resources is http://www.enerji.gov.tr.
Ministry of Energy & Natural Resources’s AI-Generated Cybersecurity Score
According to Rankiteo, Ministry of Energy & Natural Resources’s AI-generated cybersecurity score is 738, reflecting their Moderate security posture.
How many security badges does Ministry of Energy & Natural Resources’ have ?
According to Rankiteo, Ministry of Energy & Natural Resources currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does Ministry of Energy & Natural Resources have SOC 2 Type 1 certification ?
According to Rankiteo, Ministry of Energy & Natural Resources is not certified under SOC 2 Type 1.
Does Ministry of Energy & Natural Resources have SOC 2 Type 2 certification ?
According to Rankiteo, Ministry of Energy & Natural Resources does not hold a SOC 2 Type 2 certification.
Does Ministry of Energy & Natural Resources comply with GDPR ?
According to Rankiteo, Ministry of Energy & Natural Resources is not listed as GDPR compliant.
Does Ministry of Energy & Natural Resources have PCI DSS certification ?
According to Rankiteo, Ministry of Energy & Natural Resources does not currently maintain PCI DSS compliance.
Does Ministry of Energy & Natural Resources comply with HIPAA ?
According to Rankiteo, Ministry of Energy & Natural Resources is not compliant with HIPAA regulations.
Does Ministry of Energy & Natural Resources have ISO 27001 certification ?
According to Rankiteo,Ministry of Energy & Natural Resources is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of Ministry of Energy & Natural Resources
Ministry of Energy & Natural Resources operates primarily in the Public Policy Offices industry.
Number of Employees at Ministry of Energy & Natural Resources
Ministry of Energy & Natural Resources employs approximately 226 people worldwide.
Subsidiaries Owned by Ministry of Energy & Natural Resources
Ministry of Energy & Natural Resources presently has no subsidiaries across any sectors.
Ministry of Energy & Natural Resources’s LinkedIn Followers
Ministry of Energy & Natural Resources’s official LinkedIn profile has approximately 712 followers.
NAICS Classification of Ministry of Energy & Natural Resources
Ministry of Energy & Natural Resources is classified under the NAICS code 921, which corresponds to Executive, Legislative, and Other General Government Support.
Ministry of Energy & Natural Resources’s Presence on Crunchbase
No, Ministry of Energy & Natural Resources does not have a profile on Crunchbase.
Ministry of Energy & Natural Resources’s Presence on LinkedIn
Yes, Ministry of Energy & Natural Resources maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/ministry-of-energy-&-natural-resources.
Cybersecurity Incidents Involving Ministry of Energy & Natural Resources
As of November 28, 2025, Rankiteo reports that Ministry of Energy & Natural Resources has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
Ministry of Energy & Natural Resources has an estimated 1,024 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at Ministry of Energy & Natural Resources ?
Incident Types: The types of cybersecurity incidents that have occurred include Cyber Attack.
How does Ministry of Energy & Natural Resources detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an incident response plan activated with planned (csirt-energy establishment), and third party assistance with ukrainian cybersecurity agencies, third party assistance with moldovan cybersecurity agencies, third party assistance with national cybersecurity directorate (dnsc), and containment measures with sectoral csirt for real-time monitoring, containment measures with forensic investigation capabilities, containment measures with self-protection protocols, and communication strategy with public ordinance disclosure, communication strategy with media statements (e.g., news.ro), communication strategy with stakeholder coordination, and enhanced monitoring with yes (continuous monitoring as a core csirt function)..
Incident Details
Can you provide details on each incident ?
Title: Establishment of Romania’s Cybersecurity Incident Response Center in Energy (CSIRT-Energy) Amid Heightened Cyber Threat Landscape
Description: Romania’s Ministry of Energy published an emergency ordinance on **August 18, 2024**, to establish a **Cybersecurity Incident Response Center in Energy (CSIRT-Energy)**. The initiative aims to bolster the country’s energy sector against escalating cyber threats, particularly those stemming from geopolitical tensions (e.g., Russia’s war in Ukraine) and market vulnerabilities (e.g., liberalization, price fluctuations, and capital market exposure). The center will focus on **continuous monitoring, incident response, forensic investigations, and self-protection** to mitigate risks to national infrastructure, energy prices, and regional stability (Romania supplies electricity to Moldova and Ukraine). The ordinance highlights the urgency due to potential **multi-vector cyberattacks** that could disrupt critical infrastructure and induce civilian panic. The CSIRT-Energy will require **high-level cybersecurity specialists**, with salaries ranging from **EUR 4,500–5,000** (standard) to **EUR 20,000** (advanced skills). The project aligns with Romania’s role as a **regional security provider** and builds on prior collaborations with Ukrainian and Moldovan cybersecurity agencies.
Date Publicly Disclosed: 2024-08-18
Type: Strategic Initiative
Threat Actor: State-sponsored actors (implied: Russian Federation)Cybercriminal groups targeting energy infrastructure
Motivation: Geopolitical destabilizationEconomic disruption (energy price manipulation)Critical infrastructure sabotageRegional influence undermining
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Cyber Attack.
Impact of the Incidents
What was the impact of each incident ?
Incident : Strategic Initiative MIN621081925
Operational Impact: Potential panic among civilian populationDisruption to energy supply chainsRegional energy market instability
Brand Reputation Impact: Enhanced trust if CSIRT succeedsPotential reputational damage if attacks occur pre-implementation
Which entities were affected by each incident ?
Incident : Strategic Initiative MIN621081925
Entity Name: Romania’s Ministry of Energy
Entity Type: Government Ministry
Industry: Energy/Public Sector
Location: Romania
Incident : Strategic Initiative MIN621081925
Entity Name: Romanian Energy Sector (broad)
Entity Type: Public Utilities, Private Energy Companies, Critical Infrastructure Operators
Industry: Energy
Location: Romania
Customers Affected: Households, Businesses, Regional partners (Moldova, Ukraine)
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Strategic Initiative MIN621081925
Incident Response Plan Activated: Planned (CSIRT-Energy establishment)
Third Party Assistance: Ukrainian Cybersecurity Agencies, Moldovan Cybersecurity Agencies, National Cybersecurity Directorate (Dnsc).
Containment Measures: Sectoral CSIRT for real-time monitoringForensic investigation capabilitiesSelf-protection protocols
Communication Strategy: Public ordinance disclosureMedia statements (e.g., News.ro)Stakeholder coordination
Enhanced Monitoring: Yes (continuous monitoring as a core CSIRT function)
What is the company's incident response plan?
Incident Response Plan: The company's incident response plan is described as Planned (CSIRT-Energy establishment).
How does the company involve third-party assistance in incident response ?
Third-Party Assistance: The company involves third-party assistance in incident response through Ukrainian cybersecurity agencies, Moldovan cybersecurity agencies, National Cybersecurity Directorate (DNSC), .
Data Breach Information
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by sectoral csirt for real-time monitoring, forensic investigation capabilities, self-protection protocols and .
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Strategic Initiative MIN621081925
Regulatory Notifications: Emergency Ordinance published by Ministry of Energy
Lessons Learned and Recommendations
What lessons were learned from each incident ?
Incident : Strategic Initiative MIN621081925
Lessons Learned: Proactive sectoral CSIRTs are critical for energy security in geopolitically volatile regions., Cross-border cybersecurity collaboration (e.g., Romania-Ukraine-Moldova) enhances resilience., Market liberalization and capital exposure increase attack surfaces for energy sectors., Talent acquisition with competitive salaries is essential for specialized cybersecurity roles.
What recommendations were made to prevent future incidents ?
Incident : Strategic Initiative MIN621081925
Recommendations: Accelerate CSIRT-Energy operationalization with clear timelines., Expand partnerships with NATO/EU cybersecurity frameworks for threat intelligence sharing., Conduct red-team exercises to test energy infrastructure resilience., Develop public-private cybersecurity task forces for unified incident response., Monitor dark web for threats targeting Romanian energy assets.Accelerate CSIRT-Energy operationalization with clear timelines., Expand partnerships with NATO/EU cybersecurity frameworks for threat intelligence sharing., Conduct red-team exercises to test energy infrastructure resilience., Develop public-private cybersecurity task forces for unified incident response., Monitor dark web for threats targeting Romanian energy assets.Accelerate CSIRT-Energy operationalization with clear timelines., Expand partnerships with NATO/EU cybersecurity frameworks for threat intelligence sharing., Conduct red-team exercises to test energy infrastructure resilience., Develop public-private cybersecurity task forces for unified incident response., Monitor dark web for threats targeting Romanian energy assets.Accelerate CSIRT-Energy operationalization with clear timelines., Expand partnerships with NATO/EU cybersecurity frameworks for threat intelligence sharing., Conduct red-team exercises to test energy infrastructure resilience., Develop public-private cybersecurity task forces for unified incident response., Monitor dark web for threats targeting Romanian energy assets.Accelerate CSIRT-Energy operationalization with clear timelines., Expand partnerships with NATO/EU cybersecurity frameworks for threat intelligence sharing., Conduct red-team exercises to test energy infrastructure resilience., Develop public-private cybersecurity task forces for unified incident response., Monitor dark web for threats targeting Romanian energy assets.
What are the key lessons learned from past incidents ?
Key Lessons Learned: The key lessons learned from past incidents are Proactive sectoral CSIRTs are critical for energy security in geopolitically volatile regions.,Cross-border cybersecurity collaboration (e.g., Romania-Ukraine-Moldova) enhances resilience.,Market liberalization and capital exposure increase attack surfaces for energy sectors.,Talent acquisition with competitive salaries is essential for specialized cybersecurity roles.
What recommendations has the company implemented to improve cybersecurity ?
Implemented Recommendations: The company has implemented the following recommendations to improve cybersecurity: Monitor dark web for threats targeting Romanian energy assets., Accelerate CSIRT-Energy operationalization with clear timelines., Expand partnerships with NATO/EU cybersecurity frameworks for threat intelligence sharing., Develop public-private cybersecurity task forces for unified incident response. and Conduct red-team exercises to test energy infrastructure resilience..
References
Where can I find more information about each incident ?
Incident : Strategic Initiative MIN621081925
Source: Romania-Insider
URL: https://www.romania-insider.com
Date Accessed: 2024-08-18
Incident : Strategic Initiative MIN621081925
Source: News.ro (cited in ordinance)
URL: https://www.news.ro
Incident : Strategic Initiative MIN621081925
Source: Ministry of Energy Emergency Ordinance (Draft)
Date Accessed: 2024-08-18
Where can stakeholders find additional resources on cybersecurity best practices ?
Additional Resources: Stakeholders can find additional resources on cybersecurity best practices at and Source: Romania-InsiderUrl: https://www.romania-insider.comDate Accessed: 2024-08-18, and Source: News.ro (cited in ordinance)Url: https://www.news.ro, and Source: Ministry of Energy Emergency Ordinance (Draft)Date Accessed: 2024-08-18.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Strategic Initiative MIN621081925
Investigation Status: Ongoing (CSIRT-Energy in formation stage)
How does the company communicate the status of incident investigations to stakeholders ?
Communication of Investigation Status: The company communicates the status of incident investigations to stakeholders through Public Ordinance Disclosure, Media Statements (E.G., News.Ro) and Stakeholder Coordination.
Stakeholder and Customer Advisories
Were there any advisories issued to stakeholders or customers for each incident ?
Incident : Strategic Initiative MIN621081925
Stakeholder Advisories: Energy Companies, National Cybersecurity Directorate (Dnsc), Ukrainian/Moldovan Cybersecurity Agencies, Eu/Nato Partners.
Customer Advisories: General public (via media)Regional energy consumers (Moldova, Ukraine)
What advisories does the company provide to stakeholders and customers following an incident ?
Advisories Provided: The company provides the following advisories to stakeholders and customers following an incident: were Energy Companies, National Cybersecurity Directorate (Dnsc), Ukrainian/Moldovan Cybersecurity Agencies, Eu/Nato Partners, General Public (Via Media), Regional Energy Consumers (Moldova, Ukraine) and .
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Strategic Initiative MIN621081925
High Value Targets: Energy Trading Platforms, Grid Control Systems, Capital Market-Listed Energy Firms,
Data Sold on Dark Web: Energy Trading Platforms, Grid Control Systems, Capital Market-Listed Energy Firms,
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Strategic Initiative MIN621081925
Root Causes: Geopolitical Tensions (Russia-Ukraine War) Increasing Cyber-Risk Appetite., Energy Market Liberalization Creating New Attack Vectors., Lack Of Sector-Specific Csirt Prior To This Initiative.,
Corrective Actions: Establishment Of Csirt-Energy With High-Level Specialists., Regional Cybersecurity Alliances For Shared Defense., Competitive Salaries To Attract Top Talent.,
What is the company's process for conducting post-incident analysis ?
Post-Incident Analysis Process: The company's process for conducting post-incident analysis is described as Ukrainian Cybersecurity Agencies, Moldovan Cybersecurity Agencies, National Cybersecurity Directorate (Dnsc), , Yes (continuous monitoring as a core CSIRT function).
What corrective actions has the company taken based on post-incident analysis ?
Corrective Actions Taken: The company has taken the following corrective actions based on post-incident analysis: Establishment Of Csirt-Energy With High-Level Specialists., Regional Cybersecurity Alliances For Shared Defense., Competitive Salaries To Attract Top Talent., .
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an State-sponsored actors (implied: Russian Federation)Cybercriminal groups targeting energy infrastructure.
Incident Details
What was the most recent incident publicly disclosed ?
Most Recent Incident Publicly Disclosed: The most recent incident publicly disclosed was on 2024-08-18.
Response to the Incidents
What third-party assistance was involved in the most recent incident ?
Third-Party Assistance in Most Recent Incident: The third-party assistance involved in the most recent incident was ukrainian cybersecurity agencies, moldovan cybersecurity agencies, national cybersecurity directorate (dnsc), .
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Sectoral CSIRT for real-time monitoringForensic investigation capabilitiesSelf-protection protocols.
Lessons Learned and Recommendations
What was the most significant lesson learned from past incidents ?
Most Significant Lesson Learned: The most significant lesson learned from past incidents was Talent acquisition with competitive salaries is essential for specialized cybersecurity roles.
What was the most significant recommendation implemented to improve cybersecurity ?
Most Significant Recommendation Implemented: The most significant recommendation implemented to improve cybersecurity was Monitor dark web for threats targeting Romanian energy assets., Accelerate CSIRT-Energy operationalization with clear timelines., Expand partnerships with NATO/EU cybersecurity frameworks for threat intelligence sharing., Develop public-private cybersecurity task forces for unified incident response. and Conduct red-team exercises to test energy infrastructure resilience..
References
What is the most recent source of information about an incident ?
Most Recent Source: The most recent source of information about an incident are News.ro (cited in ordinance), Ministry of Energy Emergency Ordinance (Draft) and Romania-Insider.
What is the most recent URL for additional resources on cybersecurity best practices ?
Most Recent URL for Additional Resources: The most recent URL for additional resources on cybersecurity best practices is https://www.romania-insider.com, https://www.news.ro .
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing (CSIRT-Energy in formation stage).
Stakeholder and Customer Advisories
What was the most recent stakeholder advisory issued ?
Most Recent Stakeholder Advisory: The most recent stakeholder advisory issued was Energy companies, National Cybersecurity Directorate (DNSC), Ukrainian/Moldovan cybersecurity agencies, EU/NATO partners, .
What was the most recent customer advisory issued ?
Most Recent Customer Advisory: The most recent customer advisory issued were an General public (via media)Regional energy consumers (Moldova and Ukraine).
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=ministry-of-energy-&-natural-resources' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
