

Ethical Hacking News

A Growing Concern: The Expanding Threat Landscape of Cyber-Attacks on Critical Infrastructure


A new report by Dragos reveals that three new groups have emerged in the past year, targeting key sectors such as energy, water, and manufacturing organizations across North America, Europe, Asia, and the Middle East. The increasing sophistication of state-sponsored actors poses a significant threat to critical infrastructure, highlighting the need for robust security measures and increased cooperation among stakeholders.

  • The threat landscape of cyber-attacks on critical infrastructure has worsened with new and sophisticated groups joining the fray.
  • There are now 26 OT-focused threat groups worldwide, including 3 new groups in the past year.
  • New groups such as Azurite and Pyroxene pose a significant threat to key sectors like energy, water, manufacturing, transportation, and government organizations.
  • The primary objective of some groups is not data theft, but rather causing disruption and destruction.
  • Groups like Voltzite have managed to gain access to control systems, allowing them to manipulate industrial processes and cause future disruptions.
  • The report highlights the need for increased cooperation and information sharing among stakeholders to combat the evolving threat landscape.



    The threat landscape of cyber-attacks on critical infrastructure has taken a significant turn for the worse, with new and sophisticated groups joining the fray. A recent report by Dragos, a leading operational technology (OT) security firm, highlights the increasing complexity and menace posed by state-sponsored crews, who are targeting key sectors such as energy, water, manufacturing, transportation, and government organizations across North America, Europe, Asia, and the Middle East.

    The report reveals that three new groups have emerged in the past year, bringing the total number of OT-focused threat groups to 26 worldwide. Among these, Azurite overlaps with China's Flax Typhoon, while Pyroxene is correlated with Imperial Kitten (APT35), the cyber arm of the Islamic Revolutionary Guard Corps (IRGC). The presence of these new groups underscores the evolving nature of the threat landscape and the increasing sophistication of state-sponsored actors.

    One of the most notable groups highlighted in the report is Voltzite, which has been embedded in US energy networks for the purpose of taking them down. According to Dragos CEO Robert M. Lee, "Nothing that they were taking was useful for intellectual property." This statement highlights the primary objective of the group, which appears to be causing disruption and destruction rather than stealing sensitive information.

    Voltzite's activities have continued unabated, with the group maintaining its malware inside strategic American utilities "to maintain long-term persistence." Lee noted that Voltzite was not merely gaining access to these networks but also getting inside the control loop system that manages industrial processes. This level of access allows the group to potentially manipulate control systems and cause future disruptions.

    Another group highlighted in the report is Pyroxene, which overlaps with Imperial Kitten (APT35) and has been conducting supply chain-leveraged attacks targeting defense, critical infrastructure, and industrial sectors. The group's modus operandi involves using recruitment-themed social engineering against targeted individuals before delivering backdoors and other malware.

    Dragos also highlights the activities of Kamacite, an initial access provider for Electrum, which is correlated with Russia's GRU-run Sandworm offensive cyber unit. The group carried out a reconnaissance campaign against vulnerable internet-exposed industrial devices in US water, energy, and manufacturing sectors between March and July 2025. While no exploitation was confirmed during this period, the scope and precision of the scanning reveal a meaningful evolution in Kamacite's operational posture.

    The report serves as a stark reminder that critical infrastructure is under increasing threat from state-sponsored actors. The presence of new groups such as Pyroxene and Azurite underscores the evolving nature of the threat landscape and the growing sophistication of these actors. As the threat landscape continues to evolve, it is essential for organizations to remain vigilant and implement robust security measures to protect their critical infrastructure.

    In a world where cyber-attacks on critical infrastructure are becoming increasingly common, it is imperative that governments, organizations, and individuals work together to address this growing concern. The report by Dragos highlights the need for increased cooperation and information sharing among stakeholders to combat the evolving threat landscape. As the situation continues to unfold, one thing is clear: the threat landscape of cyber-attacks on critical infrastructure has never been more concerning.



    Related Information:
  • https://www.ethicalhackingnews.com/articles/A-Growing-Concern-The-Expanding-Threat-Landscape-of-Cyber-Attacks-on-Critical-Infrastructure-ehn.shtml

  • Published: Tue Feb 17 20:04:59 2026 by llama3.2 3B Q4_K_M












