Threat Groups

These Threat Group reports deliver expert analysis of the industrial threat landscape and emerging risks, giving you the intelligence needed to develop proactive defensive strategies for your ICS environments.

Watering-hole and phishing attacks leading to ICS reconnaissance and screenshot collection.
Ability to compromise PLCs, modify ladder logic, and deploy custom backdoors on OT devices.
Employs LOTL tactics to establish persistent access to victim environments.
Development of ICS malware to disrupt, degrade, and destroy industrial environments and processes.
Watering-hole attacks, malware and covert communication for reconnaissance.
Deep ICS environment information gathering, including operator credentials and industrial processes.
Electric grid disruption and long-term persistence using LOTL tactics and custom ICS malware.
Impersonates victims, exploits vulnerabilities, targets internet-exposed endpoints, and exfiltrates data.
Spearphishing and credential theft for reconnaissance and espionage targeting industrial sectors.
Uses third-party connections from telecom providers for network access to industrial organizations.
Spearphishing, exploiting SOHO routers, and leveraging custom capabilities to enable ELECTRUM operations.
Uses perimeter device compromise and LOTL techniques for reconnaissance and exfiltration.
Targets Oracle E-Business Suite iSupplier web services and assets across multiple industrial sectors.
Relies on phishing campaigns, password spraying, and malware delivery for reconnaissance.
Exploits known VPN vulnerabilities and open-source pentesting tools for reconnaissance, initial access, and C2.
Employs spearphishing and backdoor capabilities for initial access, reconnaissance, and C2.
Credential capture and LOTL techniques employed for initial access, reconnaissance, and C2.
Compromises IT networks via insecure VPNs to conduct reconnaissance activities.
Spearphishing with malicious documents or executables for initial access compromise.
Targets vulnerable external-facing network appliances to access IT networks and establish foothold.
Uses LOTL techniques for reconnaissance, enumeration, lateral movement, and long-term persistent access.
Employs known malware for remote access, credential capture, and lateral movement.
Development of ICS malware for physical disruption, causing unsafe conditions and long-term persistence.