The number of cyber intrusions and attacks targeting the Electric sector is increasing from Activity Groups (AG) and ransomware operations.
In 2020, Dragos disclosed three new AGs explicitly targeting the electricity sector: KAMACITE, TALONITE, and STIBNITE. Dragos's threat intelligence team now tracks eleven AGs explicitly targeting industrial control systems in electric utility networks, and two of these possess ICS-specific capabilities and tools capable of causing disruptive events.
Prepare for the Activity Groups targeting your operational technologies with the insights in this free download, including:
- Key findings from our latest threat intelligence
- 11 Activity Groups that are currently targeting the Electric sector
- Current threats to each operational segment, from generation to distribution
- Lessons learned from real-world cyber events at electric utilities
- Recommendations to protect against specific threat behaviors
Emerging activity groups threatening Electric.
Prepare for the eleven AGs targeting electric utility networks by downloading the full report.

STIBNITE
Infrastructure
Spoofed domains for government & technology entities. Adversary-owned & operated infrastructure. Extensive use of dynamic DNS providers.
ICS Impact
Access development, information gathering, and further operations within electric sector.

TALONITE
Infrastructure
Combinations of adversary-owned and compromised infrastructure. Almost exclusively based in East Asia.
ICS Impact
Operations focus on U.S. electric utilities, initial access information gathering, and further operations within electric sector.

KAMACITE
Infrastructure
Primary focus on compromised infrastructure in Europe. Spoofs legitimate technology and social media services.
ICS Impact
Operations linked to five ICS targeting events. Proven operations leading to disruption. Facilitated the 2015 and 2016 Ukraine power events.