THREAT PERSPECTIVE 

Hacktivists and state-sponsored threat groups are actively probing and abusing solar sites, wind farms, battery storage, and EV chargers – the same assets now tied into daily operations. We’ve seen real cases where adversaries jam communications, falsify readings, and push unsafe settings that operators act on – turning small devices into significant incidents. This threat perspective from WorldView translates the current OT/ICS threat landscape for distributed energy resources (DER) and microgrids into clear steps OT teams and leaders can take now.  

Highlights from the report: 

• Who’s in play & where: From hacktivists hitting EV charging and PV monitoring in Europe to state-sponsored threat groups using wipers that disrupted wind turbine management visibility, adversaries are testing the renewables you rely on. 

• How they get in: Internet-exposed PV monitors and gateways, weak/flat site networks, and insecure remote access give adversaries footholds near operations – often without dropping custom malware. 

• What they do next: They cut your view, falsify measurements, and alter controls - resulting in avoidable disconnects, operational delays, and safety issues in the field. 
• Why this escalates: Clusters of small devices act like one big asset. A few compromised inverters can cascade into balancing and restoration. 

What you’ll learn inside: 

The concrete attack paths hitting solar, wind, storage, and EV charging, how those paths escalate into OT effects, and a prioritized action plan: tighten remote access, make firmware updates verifiable at scale, segment the paths that matter, and instrument for replay/MitM/DoS patterns—with the controls and threat detections that reduce that risk.