<img src="https://ad.doubleclick.net/ddm/activity/src=9826842;type=pagev0;cat=allsi0;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;tfua=;npa=;gdpr=${GDPR};gdpr_consent=${GDPR_CONSENT_755};ord=1?" width="1" height="1" alt="">

Malware operators are increasingly targeting ONG and related energy industries to further political, economic, and national security goals. Their activity threatens the availability of industrial technologies and safety of those operating them. Industrial asset owners and operators can defend against these threat groups if they can recognize suspicious behavior.

Identify the tactics, techniques, and procedures used by Activity Groups with this intelligence report from Dragos, the largest global team dedicated to protecting industrial control systems.

Understand the full scope of threats targeting ONG infrastructure around the world and:

  • Why all stages of ONG operations are high-value targets for cyber attacks.
  • Major areas of concern - and actionable recommendations to address them - for upstream, midstream, and downstream. 
  • How OEMs, third-party vendors, and supply chains increase risk in your IT and OT networks.
  • Defensive recommendations to strengthen your ICS/OT cybersecurity posture.

SKIP

3 of 7 Activity Groups Threatening Oil & Natural Gas

Prepare for all seven Activity Groups targeting ONG infrastructure by downloading our full intelligence report. 

XENOTIME_darkBG@2x

XENOTIME

CAPAbiLITIES

TRISIS. Custom credential harvesting. Off-the-shelf tools.

ICS Impact

Demonstrated capability to execute a disruptive ICS attack, such as the 2017 TRISIS incident.

PARISITE_darkBG@2x

PARASITE

CAPABILITIES

Exploiting known VPN vulnerabilities. SSH.NET, MASSCAN, dsniff, Impacket.

ICS Impact

Operations focus on ICS-related organizations, limited to IT network actions for initial access and information collection.

KAMACITE-token

KAMACITE

CAPABILITIES

Primary focus on compromised infrastructure in Europe. Spoofs legitimate technology and social media services.

ICS Impact

Operations linked to five ICS targeting events. Proven operations leading to disruption. Facilitated the 2015 and 2016 Ukraine power events.