<img src="https://ad.doubleclick.net/ddm/activity/src=9826842;type=pagev0;cat=allsi0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=${GDPR};gdpr_consent=${GDPR_CONSENT_755};ord=1?" width="1" height="1" alt="">

FREE REPORT 

ELECTRUM and KAMACITE: Ten Years of Adversary Tradecraft in ICS Operations

ELECTRUM and KAMACITE have driven some of the most consequential ICS attacks observed over the past decade, including the 2015 and 2016 Ukraine power grid disruptions and the development and deployment of purpose-built ICS malware such as CRASHOVERRIDE.

These two threat groups have demonstrated a repeatable path from enterprise compromise to OT impact and established techniques later employed by other threat groups. KAMACITE enables initial access and movement toward OT boundaries, while ELECTRUM executes ICS-specific actions that result in physical-world consequences. Their activity overlaps with operations attributed to Sandworm.

Dragos-ELECTRUMKAMACITE-ICSOperations-Dec25-Cover

This report examines the operations and tradecraft that shaped modern OT attacks and explains why understanding these patterns remains critical for defenders tasked with detecting and disrupting OT-focused threats today.

Get the Report insights you need.

Explore our Resources

Expand your intel and cybersecurity skill sets with resources and training from your ally. Our unprecedented ICS/OT knowledge and expertise are at the ready through our robust catalogue of whitepapers, playbooks, webinars, report, and other resources for every challenge.

See the Dragos Platform in Action

COPYRIGHT © 2025 DRAGOS, INC., ALL RIGHTS RESERVED.
For information about how we collect, use, share or otherwise process information about you, please see our privacy policy. and Terms of Service for more information.