The most dangerous threat to ICS has a new target

The hacking group described as the “most dangerous” has expanded its targeting to the utilities sector.

According to the security company Dragos, cyber threats to industrial control systems are proliferating.

The hacking group XENOTIME has been found probing the networks of electric utility organisations in the US, using tactics similar to those used in other operations against oil and gas companies.

Dragos wrote:

“Asset owners and operators across ICS should be aware of XENOTIME’s tactics, techniques, and procedures.”

XENOTIME is known for infecting the ICS of a petrochemical plant in Saudi Arabia with malware known as TRISIS in 2017. The malware targeted safety systems and was designed to cause loss of life or physical damage.

Since the attack, the hacking group has expanded its operations to include oil and gas entities outside the Middle East. Furthermore, it was discovered that the group had targeted several ICS vendors and manufacturers in 2018, thus “providing potential supply chain threat opportunities and vendor-enabled access to target ICS networks”.

It wasn’t until 2019 that Dragos identified activity attempting to gather information and catalogue network resources associated with US and Asia-Pacific electric utilities. This activity indicates that the group may be preparing for a future cyber attack.

“While none of the electric utility targeting events has resulted in a known, successful intrusion into victim organizations to date, the persistent attempts, and expansion in scope is cause for definite concern.”

XENOTIME has successfully infiltrated and compromised several oil and gas environments, thus demonstrating its ability. XENOTIME is the only known group to only target safety instrumented systems for destructive purposes.

Dragos emphasised that the behaviour observed is an “expansion” and not a shift in threat; oil and gas entities must therefore stay alert.

“The expansion should serve as a clear signal to ICS operators – not only in oil and gas or electric utility operations – that the time to plan, implement, and enforce security standards and response processes in industrial environments is now.

“Utilities, companies, and governments must work cooperatively around the world and across industrial sectors to jointly defend lives and infrastructure from the increasing scope and scale of offensive critical infrastructure cyber attack.”

