PJSC "Rosseti"
Company Details
Linkedin ID:
pjsc-rosseti-
Website:
Employees number:
126
Number of followers:
428
NAICS:
211
Industry Type:
Homepage:
rosseti.ru
IP Addresses:
0
Company ID:
PJS_6139343
Scan Status:
In-progress
PJSC "Rosseti" Company CyberSecurity Posture
rosseti.ru
Rosseti, Public Joint Stock Company (PJSC ROSSETI) – an operator of energy grids in Russia, is one of the largest electric companies in the world. The company maintains 2.30 million km of power transmission lines, 490,000 substations with transformer capacity of more than 761 GW. In 2015, net power supply to consumers amounted to 720,5 billion kWh. The number of employees of the Rosseti Group of Companies is 216,000 people. The asset portfolio of PJSC ROSSETI includes 37 subsidiaries and affiliates, including 14 interregional and a main network company. The controlling shareholder of the company is the state represented by the Federal Agency for State Property Management of the Russian Federation, which owns 87.9% of the share capital. PJSC ROSSETI is a leading company in the Russian market in introducing innovative technologies to the main and distribution grid complex. The company pays great attention to such issues as energy conservation, energy efficiency, international cooperation, environmental protection and occupational safety.
PJSC "Rosseti" A.I CyberSecurity Scoring
PJSC "Rosseti" Risk Score (AI oriented)Between 700 and 749
PJSC "Rosseti"
Updated:
- Powered by our proprietary A.I cyber incident model
- Insurance preferes TPRM score to calculate premium
PJSC "Rosseti" Global Score (TPRM)XXXX
PJSC "Rosseti"
- Instant access to detailed risk factors
- Benchmark vs. industry & size peers
- Vulnerabilities
- Findings
PJSC "Rosseti" Company CyberSecurity News & History
Past Incidents
1
Attack Types
1
PJSC Sberbank
Breach
Rankiteo Explanation
Attack with significant impact with customers data leaks: Attack which causes leak of personal information of customers
Description: PJSC Sberbank's security apparatus, in collaboration with Russian authorities, arrested three individuals for manufacturing and distributing 'Mamont,' an Android banking trojan that was spread through Telegram channels. The malware allowed illicit fund transfers from victims' accounts, made feasible by theft of banking credentials and sensitive financial data. Over 300 cybercrimes have been attributed to this scheme, comprising fraudulent transactions and unauthorized access to banking information. Authorities have seized equipment connected to the operation and have taken legal action against the perpetrators, continuing investigations into potential accomplices.
PJSC "Rosseti" Company Scoring based on AI Models
Cyber Incidents Likelihood 3 - 6 - 9 months
A.I Risk Score Likelihood 3 - 6 - 9 months
Underwriter Stats for PJSC "Rosseti"
Incidents vs Oil and Gas Industry Average (This Year)
PJSC "Rosseti" has 19.05% more incidents than the average of same-industry companies with at least one recorded incident.
Incidents vs All-Companies Average (This Year)
PJSC "Rosseti" has 56.25% more incidents than the average of all companies with at least one recorded incident.
Incident Types PJSC "Rosseti" vs Oil and Gas Industry Avg (This Year)
PJSC "Rosseti" reported 1 incidents this year: 0 cyber attacks, 0 ransomware, 0 vulnerabilities, 1 data breaches, compared to industry peers with at least 1 incident.
Incident History — PJSC "Rosseti" (X = Date, Y = Severity)
PJSC "Rosseti" cyber incidents detection timeline including parent company and subsidiaries
PJSC "Rosseti" Company Subsidiaries
Rosseti, Public Joint Stock Company (PJSC ROSSETI) – an operator of energy grids in Russia, is one of the largest electric companies in the world. The company maintains 2.30 million km of power transmission lines, 490,000 substations with transformer capacity of more than 761 GW. In 2015, net power supply to consumers amounted to 720,5 billion kWh. The number of employees of the Rosseti Group of Companies is 216,000 people. The asset portfolio of PJSC ROSSETI includes 37 subsidiaries and affiliates, including 14 interregional and a main network company. The controlling shareholder of the company is the state represented by the Federal Agency for State Property Management of the Russian Federation, which owns 87.9% of the share capital. PJSC ROSSETI is a leading company in the Russian market in introducing innovative technologies to the main and distribution grid complex. The company pays great attention to such issues as energy conservation, energy efficiency, international cooperation, environmental protection and occupational safety.
Loading...
PJSC "Rosseti" Similar Companies
TechnipFMC
TechnipFMC is a leading technology provider to the traditional and new energies industry, delivering fully integrated projects, products, and services. With our proprietary technologies and comprehensive solutions, we are transforming our clients’ project economics, helping them unlock new possibi
Besmindo Group
Besmindo Group is a leader in providing new tool joints; repair & redress of tool joints, pup joints, drill pipes, threads for tool joints and OCTG tubing. The mission is to continually provide these and other services by promoting a reputation for excellence and value while fully anticipating, then
Marathon Petroleum Corporation
Marathon Petroleum Corporation (MPC) is a leading, integrated, downstream and midstream energy company headquartered in Findlay, Ohio. The company operates the nation's largest refining system. MPC's marketing system includes branded locations across the United States, including Marathon brand retai
Shell is a global group of energy and petrochemical companies, employing 103,000 people and with operations in more than 70 countries. We serve more than 1 million commercial and industrial customers, and around 33 million customers daily at more than 47,000 Shell-branded retail service stations. O
Fortune Global 500 Company, Bharat Petroleum is the second largest Indian Oil Marketing Company and one of the premier integrated energy companies in India, engaged in refining of crude oil and marketing of petroleum products, with a significant presence in the upstream and downstream sectors of the
Tenaris
Tenaris is a leading supplier of tubes and related services for the world’s energy industry and certain other industrial applications. Our mission is to deliver value to our customers through product development, manufacturing excellence, and supply chain management. Tenaris employees around the wor
Suncor
In 1967, we pioneered commercial development of Canada's oil sands – one of the largest petroleum resource basins in the world. Since then, Suncor has grown to become a globally competitive integrated energy company with a balanced portfolio of high-quality assets, a strong balance sheet and signifi
PDVSA Petróleos de Venezuela S.A.
Petróleos de Venezuela S.A. is a Venezuelan state company, began operations on January 1st, 1976 and whose activities are the oil exploration, production, refining, marketing and transportation of Venezuelan oil as well as the orimulsion, chemical, petrochemical businesses and coal. We have the lar
En YPF, tenemos un Plan 4x4 para convertirnos en una compañía de clase mundial y lograr transformarnos en grandes exportadores de hidrocarburos. Nuestros cuatro pilares son: la aceleración de la producción de petróleo en Vaca Muerta, el activo más importante que tiene nuestro país; la disciplina f
.png)
PJSC "Rosseti" CyberSecurity News
November 27, 2025 11:21 AM
FCC Chairman Carr’s trust in telecom-led cybersecurity is audacious
The Federal Communications Commission (FCC) decision late last week to rescind a telecom cybersecurity ruling enacted during the last days...
November 27, 2025 10:31 AM
New telecom cybersecurity rules in force, DoT clarifies enforcement status
New telecom cybersecurity rules in force, DoT clarifies enforcement status - New Delhi [India] November 27 : The Department of...
November 27, 2025 10:24 AM
SGS Highlights Cybersecurity Capabilities With World’s First EU RED-NB Certification and Cybersecurity Mark
HONG KONG, Nov. 26, 2025 /PRNewswire/ -- SGS, the world's leading testing, inspection and certification company, has awarded Ruijie Networks...
November 27, 2025 10:23 AM
UWF B.S. in Cybersecurity AI specialization approved as a National Center of Academic Excellence in Cyber Artificial Intelligence Program of Study
Pensacola, Fla. – Nov. 19, 2025 – The University of West Florida's new AI specialization in the B.S. in Cybersecurity program has been...
November 27, 2025 10:20 AM
Defense Cybersecurity Market Booms as Nations Strengthen
Press release - Exactitude Consultancy - Defense Cybersecurity Market Booms as Nations Strengthen Digital Warfare Capabilities and Modernize...
November 27, 2025 10:01 AM
Mauritania Deepens Cybersecurity Cooperation With Arab States in Doha Drill
Mauritania joined 20 other countries in Doha for the first Arab cybersecurity exercise, aiming to boost regional coordination and crisis-response...
November 27, 2025 09:44 AM
OBR chair ‘mortified’ by budget leak as ex-cybersecurity chief called in to investigate
Richard Hughes, head of Office for Budget Responsibility, says he has apologised to chancellor for 'letting people down'
November 27, 2025 09:23 AM
Cybersecurity in Healthcare: Strengthening Resilience Across the NHS and Beyond
With the recent introduction of the Cyber Security and Resilience Bill in Parliament, now is a particularly crucial time to reflect on...
November 27, 2025 08:56 AM
Ministers send small businesses cyber threat warning
Small businesses have been urged by ministers to be proactive about cybersecurity to avoid the potentially devastating impact of an attack.
Frequently Asked Questions
Explore insights on cybersecurity incidents, risk posture, and Rankiteo's assessments.
PJSC "Rosseti" CyberSecurity History Information
Official Website of PJSC "Rosseti"
The official website of PJSC "Rosseti" is http://www.rosseti.ru/eng/.
PJSC "Rosseti"’s AI-Generated Cybersecurity Score
According to Rankiteo, PJSC "Rosseti"’s AI-generated cybersecurity score is 700, reflecting their Moderate security posture.
How many security badges does PJSC "Rosseti"’ have ?
According to Rankiteo, PJSC "Rosseti" currently holds 0 security badges, indicating that no recognized compliance certifications are currently verified for the organization.
Does PJSC "Rosseti" have SOC 2 Type 1 certification ?
According to Rankiteo, PJSC "Rosseti" is not certified under SOC 2 Type 1.
Does PJSC "Rosseti" have SOC 2 Type 2 certification ?
According to Rankiteo, PJSC "Rosseti" does not hold a SOC 2 Type 2 certification.
Does PJSC "Rosseti" comply with GDPR ?
According to Rankiteo, PJSC "Rosseti" is not listed as GDPR compliant.
Does PJSC "Rosseti" have PCI DSS certification ?
According to Rankiteo, PJSC "Rosseti" does not currently maintain PCI DSS compliance.
Does PJSC "Rosseti" comply with HIPAA ?
According to Rankiteo, PJSC "Rosseti" is not compliant with HIPAA regulations.
Does PJSC "Rosseti" have ISO 27001 certification ?
According to Rankiteo,PJSC "Rosseti" is not certified under ISO 27001, indicating the absence of a formally recognized information security management framework.
Industry Classification of PJSC "Rosseti"
PJSC "Rosseti" operates primarily in the Oil and Gas industry.
Number of Employees at PJSC "Rosseti"
PJSC "Rosseti" employs approximately 126 people worldwide.
Subsidiaries Owned by PJSC "Rosseti"
PJSC "Rosseti" presently has no subsidiaries across any sectors.
PJSC "Rosseti"’s LinkedIn Followers
PJSC "Rosseti"’s official LinkedIn profile has approximately 428 followers.
NAICS Classification of PJSC "Rosseti"
PJSC "Rosseti" is classified under the NAICS code 211, which corresponds to Oil and Gas Extraction.
PJSC "Rosseti"’s Presence on Crunchbase
No, PJSC "Rosseti" does not have a profile on Crunchbase.
PJSC "Rosseti"’s Presence on LinkedIn
Yes, PJSC "Rosseti" maintains an official LinkedIn profile, which is actively utilized for branding and talent engagement, which can be accessed here: https://www.linkedin.com/company/pjsc-rosseti-.
Cybersecurity Incidents Involving PJSC "Rosseti"
As of November 27, 2025, Rankiteo reports that PJSC "Rosseti" has experienced 1 cybersecurity incidents.
Number of Peer and Competitor Companies
PJSC "Rosseti" has an estimated 10,412 peer or competitor companies worldwide.
What types of cybersecurity incidents have occurred at PJSC "Rosseti" ?
Incident Types: The types of cybersecurity incidents that have occurred include Breach.
How does PJSC "Rosseti" detect and respond to cybersecurity incidents ?
Detection and Response: The company detects and responds to cybersecurity incidents through an law enforcement notified with yes, and containment measures with arrests made and equipment seized..
Incident Details
Can you provide details on each incident ?
Title: Arrests Made in Mamont Android Banking Trojan Scheme
Description: PJSC Sberbank's security apparatus, in collaboration with Russian authorities, arrested three individuals for manufacturing and distributing 'Mamont,' an Android banking trojan that was spread through Telegram channels. The malware allowed illicit fund transfers from victims' accounts, made feasible by theft of banking credentials and sensitive financial data. Over 300 cybercrimes have been attributed to this scheme, comprising fraudulent transactions and unauthorized access to banking information. Authorities have seized equipment connected to the operation and have taken legal action against the perpetrators, continuing investigations into potential accomplices.
Type: Malware
Attack Vector: Android Banking Trojan
Vulnerability Exploited: Theft of banking credentials and sensitive financial data
Threat Actor: Three individuals manufacturing and distributing 'Mamont'
Motivation: Financial Gain
What are the most common types of attacks the company has faced ?
Common Attack Types: The most common types of attacks the company has faced is Breach.
How does the company identify the attack vectors used in incidents ?
Identification of Attack Vectors: The company identifies the attack vectors used in incidents through Telegram channels.
Impact of the Incidents
What was the impact of each incident ?
Incident : Malware PJS000032925
Data Compromised: Banking credentials and sensitive financial data
Systems Affected: Android devices
Legal Liabilities: Legal action against the perpetrators
Payment Information Risk: High
What types of data are most commonly compromised in incidents ?
Commonly Compromised Data Types: The types of data most commonly compromised in incidents are Banking credentials and sensitive financial data.
Which entities were affected by each incident ?
Incident : Malware PJS000032925
Entity Name: PJSC Sberbank
Entity Type: Bank
Industry: Financial Services
Location: Russia
Response to the Incidents
What measures were taken in response to each incident ?
Incident : Malware PJS000032925
Law Enforcement Notified: Yes
Containment Measures: Arrests made and equipment seized
Data Breach Information
What type of data was compromised in each breach ?
Incident : Malware PJS000032925
Type of Data Compromised: Banking credentials and sensitive financial data
Sensitivity of Data: High
Data Exfiltration: Yes
Personally Identifiable Information: Yes
How does the company handle incidents involving personally identifiable information (PII) ?
Handling of PII Incidents: The company handles incidents involving personally identifiable information (PII) through by arrests made and equipment seized.
Regulatory Compliance
Were there any regulatory violations and fines imposed for each incident ?
Incident : Malware PJS000032925
Legal Actions: Legal action against the perpetrators
How does the company ensure compliance with regulatory requirements ?
Ensuring Regulatory Compliance: The company ensures compliance with regulatory requirements through Legal action against the perpetrators.
Investigation Status
What is the current status of the investigation for each incident ?
Incident : Malware PJS000032925
Investigation Status: Ongoing
Initial Access Broker
How did the initial access broker gain entry for each incident ?
Incident : Malware PJS000032925
Entry Point: Telegram channels
High Value Targets: Banking credentials and sensitive financial data
Data Sold on Dark Web: Banking credentials and sensitive financial data
Post-Incident Analysis
What were the root causes and corrective actions taken for each incident ?
Incident : Malware PJS000032925
Root Causes: Manufacturing and distributing 'Mamont' Android banking trojan
Additional Questions
General Information
Who was the attacking group in the last incident ?
Last Attacking Group: The attacking group in the last incident was an Three individuals manufacturing and distributing 'Mamont'.
Impact of the Incidents
What was the most significant data compromised in an incident ?
Most Significant Data Compromised: The most significant data compromised in an incident was Banking credentials and sensitive financial data.
Response to the Incidents
What containment measures were taken in the most recent incident ?
Containment Measures in Most Recent Incident: The containment measures taken in the most recent incident was Arrests made and equipment seized.
Data Breach Information
What was the most sensitive data compromised in a breach ?
Most Sensitive Data Compromised: The most sensitive data compromised in a breach was Banking credentials and sensitive financial data.
Regulatory Compliance
What was the most significant legal action taken for a regulatory violation ?
Most Significant Legal Action: The most significant legal action taken for a regulatory violation was Legal action against the perpetrators.
Investigation Status
What is the current status of the most recent investigation ?
Current Status of Most Recent Investigation: The current status of the most recent investigation is Ongoing.
Initial Access Broker
What was the most recent entry point used by an initial access broker ?
Most Recent Entry Point: The most recent entry point used by an initial access broker was an Telegram channels.
.png)
Latest Global CVEs (Not Company-Specific)
Description
Angular is a development platform for building mobile and desktop web applications using TypeScript/JavaScript and other languages. Prior to versions 19.2.16, 20.3.14, and 21.0.1, there is a XSRF token leakage via protocol-relative URLs in angular HTTP clients. The vulnerability is a Credential Leak by App Logic that leads to the unauthorized disclosure of the Cross-Site Request Forgery (XSRF) token to an attacker-controlled domain. Angular's HttpClient has a built-in XSRF protection mechanism that works by checking if a request URL starts with a protocol (http:// or https://) to determine if it is cross-origin. If the URL starts with protocol-relative URL (//), it is incorrectly treated as a same-origin request, and the XSRF token is automatically added to the X-XSRF-TOKEN header. This issue has been patched in versions 19.2.16, 20.3.14, and 21.0.1. A workaround for this issue involves avoiding using protocol-relative URLs (URLs starting with //) in HttpClient requests. All backend communication URLs should be hardcoded as relative paths (starting with a single /) or fully qualified, trusted absolute URLs.
Risk Information
cvss4
Base: 7.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:N/SC:H/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
References
- https://github.com/angular/angular/commit/0276479e7d0e280e0f8d26fa567d3b7aa97a516f
- https://github.com/angular/angular/commit/05fe6686a97fa0bcd3cf157805b3612033f975bc
- https://github.com/angular/angular/commit/3240d856d942727372a705252f7c8c115394a41e
- https://github.com/angular/angular/releases/tag/19.2.16
- https://github.com/angular/angular/releases/tag/20.3.14
- https://github.com/angular/angular/releases/tag/21.0.1
- https://github.com/angular/angular/security/advisories/GHSA-58c5-g7wp-6w37
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Uncontrolled Recursion vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft deep ASN.1 structures that trigger unbounded recursive parsing. This leads to a Denial-of-Service (DoS) via stack exhaustion when parsing untrusted DER inputs. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 8.7
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Forge (also called `node-forge`) is a native implementation of Transport Layer Security in JavaScript. An Integer Overflow vulnerability in node-forge versions 1.3.1 and below enables remote, unauthenticated attackers to craft ASN.1 structures containing OIDs with oversized arcs. These arcs may be decoded as smaller, trusted OIDs due to 32-bit bitwise truncation, enabling the bypass of downstream OID-based security decisions. This issue has been patched in version 1.3.2.
Risk Information
cvss4
Base: 6.3
Severity: LOW
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. Prior to versions 7.0.13 and 8.0.2, working with large buffers in Lua scripts can lead to a stack overflow. Users of Lua rules and output scripts may be affected when working with large buffers. This includes a rule passing a large buffer to a Lua script. This issue has been patched in versions 7.0.13 and 8.0.2. A workaround for this issue involves disabling Lua rules and output scripts, or making sure limits, such as stream.depth.reassembly and HTTP response body limits (response-body-limit), are set to less than half the stack size.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Description
Suricata is a network IDS, IPS and NSM engine developed by the OISF (Open Information Security Foundation) and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64_data. This issue has been patched in version 8.0.2. A workaround involves disabling rules that use entropy in conjunction with base64_data.
Risk Information
cvss3
Base: 7.5
Severity: LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Access Data Using Our API
Get company history
curl -i -X GET 'https://api.rankiteo.com/underwriter-getcompany-history?linkedin_id=pjsc-rosseti-' -H 'apikey: YOUR_API_KEY_HERE'
RapidWhat Do We Measure ?
Incident
Finding
Grade
Digital Assets
Every week, Rankiteo analyzes billions of signals to give organizations a sharper, faster view of emerging risks. With deeper, more actionable intelligence at their fingertips, security teams can outpace threat actors, respond instantly to Zero-Day attacks, and dramatically shrink their risk exposure window.
These are some of the factors we use to calculate the overall score:
Network Security
Identify exposed access points, detect misconfigured SSL certificates, and uncover vulnerabilities across the network infrastructure.
SBOM (Software Bill of Materials)
Gain visibility into the software components used within an organization to detect vulnerabilities, manage risk, and ensure supply chain security.
CMDB (Configuration Management Database)
Monitor and manage all IT assets and their configurations to ensure accurate, real-time visibility across the company's technology environment.
Threat Intelligence
Leverage real-time insights on active threats, malware campaigns, and emerging vulnerabilities to proactively defend against evolving cyberattacks.
Rankiteo is a unified scoring and risk platform that analyzes billions of signals weekly to help organizations gain faster, more actionable insights into emerging threats. Empowering teams to outpace adversaries and reduce exposure.
