Free Webinar:

When Ransomware Strikes | The Impact of Ransomware in OT Environments

Skip to main content
Industrial Cybersecurity in the
Electric Grid Operations

86% of Dragos services customers had limited to no visibility into their ICS environment.

As threats to the electric sector become more frequent and sophisticated, organizations must look to reduce the risk of a devastating cyber attack such as the 2015 incident in the Ukraine. Take a proactive, holistic approach to protect the full spectrum of operations and defend your critical infrastructure with the world’s most robust ICS cybersecurity technology and the largest team of ICS practitioners who built it.
Case Study

Implementing the Dragos Platform to Solve ICS Cybersecurity Challenges in the Electric Sector

The interconnectivity between IT and OT networks continues to grow — expanding attack surfaces within electric utilities’ industrial control systems (ICS) environments — and introducing new threats and compromises previously not visible to organizations. This case study reviews an electric utility company in the U.S. that successfully implemented the Dragos Industrial Cybersecurity Platform and discusses the challenges faced by plant managers, IT teams, and OT teams in driving enhanced ICS/OT security and how the Dragos Platform helped to overcome these challenges.
POMERANIA DISTRICT,POLAND - DECEMBER 8,2018: Aerial view of electricians working on electric poles to install and repair power lines.
an icon depicting cybersecurity. The green gradient icon has a square with a padlock in the middle and multiple arms

Visualize, Detect, and Respond to Threats against Your Operations

windmill farm renewable enrgy, green energy with windmill park in ocean and land

Protect your assets and respond to threats against generation, transmission, and distribution systems — all in one place.

The Dragos Platform provides ICS defenders with unprecedented visibility of their assets and communications, knowledge of threats through intelligence-driven analytics, and prescriptive guidance via playbooks to investigate and respond to incidents.


Gain in-depth visibility of threats electric systems face.

Make global situational awareness part of your comprehensive security strategy with Dragos ICS Threat Intelligence. Receive pertinent reports via email or our online portal, and participate in live quarterly webinars with our deeply experienced team of ICS/OT intel analysts.

Manage icon

Attack electric sector cyber threats from all angles.

Dragos’ experienced Professional Services team can be dispatched to perform a variety of activities that allow you to fully understand your ICS environment, mitigate risks, and respond to threats confidently. Instructor-led ICS training classes are also available year-round.


The clear understanding Dragos has of the environment in which we operate allows us to cut through the hype around many potential industry vulnerabilities, so we can focus on the ones that matter most as we look after vital infrastructure and ensure supply to our customers.

National Grid

Known Activity Groups Targeting Electric Systems

The electric industry is a prime target for adversaries seeking to exploit industrial controls systems environments. An attack can happen at any point across the major stages of operations. To help protect your infrastructure, Dragos tracks eight activity groups targeting the electric sector and will continue to update this list as more information becomes available.

a token from CHERNOVITE has the capability to disrupt, degrade, and potentially destroy industrial environments and physical processes in industrial environments.
since 2021
CHERNOVITE has the capability to disrupt, degrade, and potentially destroy industrial environments and physical processes in industrial environments.
ERYTHRITE adversary group trading card from Dragos
since 2020
ERYTHRITE is an activity group that broadly targets organizations in the U.S. and Canada with ongoing, iterative malware campaigns.
KOSTOVITE adversary group PETROVITE trading card from Dragos
since 2021
In March of 2021, the activity group KOSTOVITE compromised a renewable energy operator.
adversary group PETROVITE trading card from Dragos
since 2019
PETROVITE demonstrates Stage 1 of the ICS Kill Chain capabilities and targets mining and energy operations in Kazakhstan.
since 2019
VPN compromise of IT networks to conduct reconnaissance
since 2014
Known to facilitate operations leading to disruptive ICS attack
since 2019
Focused on physical destruction and long-term persistence
Xenotime logo
since 2014
Focused on physical destruction and long-term persistence
Electrum Icon
since 2016
Electric grid disruption and long-term persistence
dymalloy logo
since 2016
Deep ICS environment information gathering, operator credentials, industrial process details
Magnallium logo
since 2017
IT network limited, information gathering against industrial orgs
Raspite logo
since 2017
IT network limited, information gathering on electric utilities with some similarities to CHRYSENE
Parisite logo
since 2017
VPN compromise of IT networks to conduct reconnaissance
wassonite logo
since 2018
IT compromise and information gathering
Allanite icon
since 2017
Watering-hole and phishing leading to ICS recon and screenshot collection
Chrysene logo
since 2017
IT compromise, information gathering and recon against industrial orgs

Cyber threats don't wait _

Join us on the frontlines with the latest webinars and events.

When Ransomware Strikes: The Impact of Ransomware in Operational Technology Environments


H-ISAC Fall Americas Summit

12.06.22 – 12.08.22

Crown Jewels Analysis for Industrial Control Systems