The number of cyber intrusions and attacks targeting the Electric sector is increasing from Activity Groups (AG) and ransomware operations.
In 2020, Dragos disclosed three new AGs explicitly targeting the electricity sector: KAMACITE, TALONITE, and STIBNITE. Dragos's threat intelligence team now tracks eleven AGs explicitly targeting industrial control systems in electric utility networks, and two of these possess ICS-specific capabilities and tools capable of causing disruptive events.
Prepare for the Activity Groups targeting your operational technologies with the insights in this free download, including:
- Key findings from our latest threat intelligence
- 11 Activity Groups that are currently targeting the Electric sector
- Current threats to each operational segment, from generation to distribution
- Lessons learned from real-world cyber events at electric utilities
- Recommendations to protect against specific threat behaviors
Emerging activity groups threatening Electric.
Prepare for the eleven AGs targeting electric utility networks by downloading the full report.
Spoofed domains for government & technology entities. Adversary-owned & operated infrastructure. Extensive use of dynamic DNS providers.
Access development, information gathering, and further operations within electric sector.
Combinations of adversary-owned and compromised infrastructure. Almost exclusively based in East Asia.
Operations focus on U.S. electric utilities, initial access information gathering, and further operations within electric sector.
Primary focus on compromised infrastructure in Europe. Spoofs legitimate technology and social media services.
Operations linked to five ICS targeting events. Proven operations leading to disruption. Facilitated the 2015 and 2016 Ukraine power events.