As technology grows more advanced, with concepts like Web3 and the metaverse making online connectivity even more streamlined, cyber security has become increasingly important even in the most mundane circles. For the specific services that keep cities, and often whole countries, in motion, locking down highly sensitive control systems is a key initiative for the future.
According to a recent report compiled by Dragos, a UK cybersecurity firm, a total of ten major hacker groups exist mainly to target these critical everyday services, specifically operational technology (OT) and industrial control systems (ICS). The report's estimate of further growth in hacking activity across Europe and North America over the coming 12 months is the most alarming part.
With ever-advancing forms of connectivity on the rise, it is imperative that cybersecurity, specifically for infrastructure, take precedence. These internet-connected control networks are not only highly sensitive but potentially lethal in the long term if they fall into the wrong hands, and that becomes easier as more employees, and the wider internet, gain access to infrastructure controls.
Most intrusions, especially into OT networks, come through remote desktop protocols. VPNs, although a smart choice for individuals, can often be bypassed or turned to nefarious purposes. Following a breach, bad actors typically probe procedures and test the resilience of a system's firewall and overall cybersecurity. Initial attempts are often a ploy to test the limits or to leave behind breadcrumbs for future attacks.
These varied systems and operational technologies are too complex to be understood in one sitting. Hackers will therefore take time to investigate and map the targeted system's full breadth before making any major damage or alterations to the main controller. Once a breach is made, it can give bad actors potentially full control over the system, especially since most OT runs on old or outdated software.
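The two patterns described above, remote desktop access reaching the OT network from somewhere other than a sanctioned jump host, and low-volume probing that stops short of a full intrusion, are the kind of thing a defender can look for in firewall or connection logs. The following is an added example, not code from the article or from Dragos; the network ranges, the jump-host address, the threshold and the log lines are all constructed for illustration.

```python
"""
Added example (not from the article or from Dragos): a small detector that
reviews constructed firewall/connection log lines for two patterns the
article describes - RDP sessions reaching the OT network from outside the
approved jump hosts, and blocked probing attempts against OT hosts.
Network ranges, host addresses and log lines are all constructed.
"""
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumptions about the environment (constructed, not from the article):
OT_NETWORK = ip_network("10.50.0.0/16")            # where PLC/HMI hosts live
APPROVED_JUMP_HOSTS = {ip_address("10.10.5.20")}   # the only sanctioned RDP source
RDP_PORT = 3389
PROBE_THRESHOLD = 3   # blocked attempts from one source before we flag probing

# Constructed sample log lines: "<time> <src_ip> <dst_ip> <dst_port> <action>"
SAMPLE_LOG = """\
2022-03-01T08:00:01Z 10.10.5.20 10.50.1.15 3389 ALLOW
2022-03-01T08:02:10Z 203.0.113.44 10.50.1.15 3389 ALLOW
2022-03-01T08:03:00Z 203.0.113.44 10.50.1.16 3389 BLOCK
2022-03-01T08:03:05Z 203.0.113.44 10.50.1.17 3389 BLOCK
2022-03-01T08:03:09Z 203.0.113.44 10.50.1.18 502 BLOCK
2022-03-01T08:10:00Z 10.10.7.9 10.50.2.30 3389 ALLOW
2022-03-01T08:11:00Z 10.10.5.20 10.50.2.30 502 ALLOW
"""


def parse_line(line):
    """Split one log line into a dict; return None for malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, port, action = parts
    try:
        return {
            "ts": ts,
            "src": ip_address(src),
            "dst": ip_address(dst),
            "port": int(port),
            "action": action.upper(),
        }
    except ValueError:
        return None


def analyse(log_text):
    """Return findings: unsanctioned RDP into OT, and sources probing OT hosts."""
    events = [e for e in (parse_line(line) for line in log_text.splitlines()) if e]
    findings = []
    blocked_by_src = Counter()

    for e in events:
        if e["dst"] not in OT_NETWORK:
            continue  # only traffic reaching the OT range is of interest here
        # Pattern 1: an allowed RDP session into OT from anything but the jump host.
        if (e["port"] == RDP_PORT and e["action"] == "ALLOW"
                and e["src"] not in APPROVED_JUMP_HOSTS):
            findings.append(
                f"unsanctioned RDP into OT: {e['src']} -> {e['dst']} at {e['ts']}")
        # Pattern 2: count blocked attempts per source to surface probing/recon.
        if e["action"] == "BLOCK":
            blocked_by_src[e["src"]] += 1

    for src, n in blocked_by_src.items():
        if n >= PROBE_THRESHOLD:
            findings.append(
                f"possible probing of OT hosts from {src}: {n} blocked attempts")
    return findings


if __name__ == "__main__":
    for finding in analyse(SAMPLE_LOG):
        print(finding)
```

On the constructed sample the detector reports two RDP sessions into the OT range that did not come from the approved jump host and one external source whose repeated blocked attempts look like probing. In practice the allow-list of jump hosts and the probing threshold would come from the site's own architecture and baseline traffic.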
Dragos' list of ten hacker groups also includes some state-run operations, such as the Russian military's own Electrum, China's APT 41, and North Korea's Lazarus Group. The full list of hacker groups that mainly target ICS and OT is as follows:
- Magnallium: This group, which might be connected to the Iranian APT 33 organization, has mainly focused on companies based in Saudi Arabia but has expanded its operations to European and North American firms working in aircraft, oil, and gas.
- Vanadinite: This group targets very specific software used by global industrial organizations. It is likewise associated with another group, the Chinese-backed APT 41.
- Xenotime: Like Magnallium, the supposedly Russian Xenotime group mainly targets oil and gas operations based in the United States, Europe, and Australia.
- Parasite: This group, which is potentially Iranian, focuses its efforts on aerospace, oil and gas, and utilities, using open-source tools against companies based in the Middle East, Europe, and North America.
- Allanite: Another Russian-associated hacker group, Allanite mostly targets UK and US OT networks and also focuses on German infrastructure. The group is known to use specialised reconnaissance and preliminary breaches to plan ahead for future attacks on enterprise sectors.
- Kamacite: This hacker group is a known subset of the Russian Sandworm operation under Electrum. The group has been actively targeting Ukrainian power facilities and other industrial control systems in the country since 2014.
- Dymalloy: This group, also Russian, is seen as among the most aggressive of the bunch. It mainly focuses on North American, Turkish, and European companies that specialize in electric utilities and oil and gas.
- Chrysene: This Iranian-linked operation is mainly built around intelligence gathering and data compilation across both the Middle East and Europe.
- Electrum: Also known as Sandworm, Electrum is a vast, interconnected group of highly skilled hackers that mainly target Ukraine and its power grid, using advanced malware to control OT parameters. It is supposedly linked to Russian military and intelligence operations.
- Covellite: This group mostly uses phishing emails to hit European, East Asian, and US electric utilities. It is potentially connected with the North Korean Lazarus Group.
Since the invasion of Ukraine by Russia in late February, industrial attacks on online networks have increased dramatically. It is now more important than ever to keep the most critical forms of infrastructure safe from bad actors.