Case Study: Naftogaz achieves passwordless protection of Ukraine’s critical energy infrastructure with Yubico

Naftogaz enhances critical infrastructure protection with YubiKeys

Naftogaz, Ukraine’s state-owned oil and gas group, faced relentless cyber threats—ranging from large-scale ransomware campaigns to a dramatic surge in attacks after February 2022—and persistent phishing that exploited passwords across corporate networks. Its security subsidiary, Naftogaz-Bezreka, led by Oleksandr Tarasov, set a clear goal to eliminate password leaks and better protect privileged and remote access to critical systems.

To do this, Naftogaz deployed Yubico YubiKey 5 NFC and 5C NFC tokens using FIDO2 standards (accelerated by a donation from Yubico’s Secure it Forward program), replacing passwords with passwordless and stronger MFA for workstations, cloud services and VPNs. The ~two‑month implementation improved user experience, drastically reduced phishing risk within the security unit, and established a roadmap to expand passwordless authentication across the group.

Naftogaz

Oleksandr Tarasov

Head of Security Controls, Security Operation Center