Skip to main content
Industrial Cybersecurity in the
Oil & Gas

Ransomware attacks against industrial organizations increased 50%.

As threats to upstream, midstream, and downstream operations become more frequent and sophisticated, cybersecurity leaders must improve visibility into their OT networks, effectively manage vulnerabilities, and leverage a collective defense approach to protect the connected supply chain in order to continue to deliver products reliably and efficiently.

Dragos has assembled the largest team of ICS cybersecurity experts, including incident responders who were among the first on the scene of the 2017 TRISIS cyberattack that targeted safety systems in a refinery. Our unique approach combines OT threat intelligence, professional services, and the most effective and efficient ICS cybersecurity technology built on this unmatched expertise to enhance visibility, detection, and response capabilities in oil and gas environments.
Intelligence Report

Oil & Natural Gas Cyber Threat Perspective

Malware operators are increasingly targeting ONG and related energy industries to further political, economic, and national security goals. Identify the tactics, techniques, and procedures used by Activity Groups with this intelligence report from Dragos, the largest global team dedicated to protecting industrial control systems.
Download Now
Liquid chemical tank terminal, Storage of liquid chemical and petrochemical products tank, Aerial view at night.
teal icon of a bug representing asset risk

Visualize, Detect, and Respond to Threats & Vulnerabilities in your OT Environment

Oil rigs and brightly lit industrial site at night. Pump jack and grange mouth refinery at night. Toned.

Our ICS cybersecurity expertise – at your fingertips.

A key challenge in the oil & gas industry is managing asset inventories and understanding overall asset visibility across large plants or geographically dispersed operations. The Dragos Platform provides ICS defenders with unprecedented visibility of their assets and communications, which helps surface threats and vulnerabilities along with operational issues that can be extremely difficult to track down. The Platform is continuously updated with Knowledge Packs that contain the latest industrial device data, intelligence-driven analytics, and prescriptive guidance via playbooks to investigate and respond to incidents.


Gain in-depth visibility of threats & vulnerabilities oil and gas networks face.

Ransomware has emerged as a top threat to oil and gas operations, and is a focus of Dragos’s ICS Threat Intelligence analysts. Make global situational awareness part of your comprehensive security strategy with Dragos ICS Threat Intelligence. Receive pertinent threat reports, vunerability advisories, and IOCs via email or our convenient online portal.


Combat oil and gas cyber threats from all angles.

Dragos’s experienced Professional Services team can be dispatched to perform a variety of activities that allow you to fully understand your ICS environment and its vulnerabilities, mitigate risks, and respond to threats confidently. A common first step is conducting Architecture Reviews to assess the ICS Program and overall Topology deployed. Then, we can conduct Tabletop Exercises to educate and prepare your cross-functional teams to respond to an incident, and also offer instructor-led ICS training classes year-round to level-up understanding and skills in OT cybersecurity.


Where Dragos differentiates from many [competitors] is in the ICS-focused expertise of its team, reflected in its intelligence-centric approach, where its deep and detailed knowledge of the specifics of the ICS threat landscape are borne out of experience.

451 Research

Known Activity Groups Targeting Oil & Gas Operations

The oil and gas industry is a prime target for adversaries seeking to exploit industrial control systems environments. An attack can happen at any point across the major stages of operations. To help protect your infrastructure, Dragos tracks nine activity groups specifically targeting oil and gas and will continue to update this list as more information becomes available.

a token from CHERNOVITE has the capability to disrupt, degrade, and potentially destroy industrial environments and physical processes in industrial environments.
since 2021
CHERNOVITE has the capability to disrupt, degrade, and potentially destroy industrial environments and physical processes in industrial environments.
Vanadinite adversary group trading card from Dragos
since 2019
IT compromise and information gathering
since 2014
Known to facilitate operations leading to disruptive ICS attack
since 2019
Focused on physical destruction and long-term persistence
Xenotime logo
since 2014
Focused on physical destruction and long-term persistence
dymalloy logo
since 2016
Deep ICS environment information gathering, operator credentials, industrial process details
Magnallium logo
since 2017
IT network limited, information gathering against industrial orgs
hexane logo
since 2018
IT compromise and information gathering against ICS entities
Parisite logo
since 2017
VPN compromise of IT networks to conduct reconnaissance
Chrysene logo
since 2017
IT compromise, information gathering and recon against industrial orgs

Defend Against Ransomware Threats _

Ransomware can directly impact OT in critical environments such as wellhead operations, compressor stations, and metering stations. And, even when it cripples the IT network, industrial processes can be impacted by forcing operators to halt OT operations as a precaution.

Events & Webinars

View Events

Find Dragos on the Frontlines

Beers and Cheers with Robert M. Lee

Boston, MA


Gartner Security & Risk Management Summit 2024

National Harbor, MD

06.03.24 – 06.05.24

Dragos Europe Forum 2024

London, United Kingdom

06.03.24 – 06.06.24