The most dangerous threat to ICS has new targets in its sights. Dragos identified the XENOTIME activity group expanded its targeting beyond oil and gas to the electric utility sector. This expansion to a new vertical illustrates a trend that will likely continue for other ICS-targeting adversaries.
Industrial control system (ICS) cyber threats are proliferating. More capable adversaries are investing heavily in the ability to disrupt critical infrastructure like oil and gas, electric power, water, and more. Attacking any industrial sector requires significant resources, which increases as capabilities and targeting expand. The high resource requirement previously limited such attacks to a few potential adversaries, but as more players see value and interest in targeting critical infrastructure – and those already invested see dividends from their behaviors – the threat landscape grows.
To illustrate and highlight this major strategic risk to industrial environments worldwide and across every industry, Dragos is publishing new intelligence on XENOTIME. In anticipation of this release, Dragos worked with global electric utilities to increase their defense against this and the other threats to industrial control systems. Dragos Platform customers have detections for XENOTIME, as the product receives these and other threat behavior detection updates regularly.