Dragos' annual ICS/OT cybersecurity report reveals that multiple state-linked threat groups have shifted from passive access-holding to actively mapping industrial control systems for potential disruption. China-linked Voltzite manipulated US energy engineering workstations to identify process shutdown conditions, while Russia-linked Electrum struck Polish distributed energy resources in what Dragos calls the first major coordinated DER cyberattack. Iran-linked Pyroxene deployed wiper malware during the Iran-Israel conflict. A critical gap underlies all of this: fewer than 10% of OT networks have any security monitoring, 90% of asset owners cannot detect decade-old Electrum techniques, and 82% lack criteria for when an anomaly should trigger a cybersecurity investigation. Dragos warns that compromised infrastructure may never be fully cleaned up, and that disruptive capabilities being staged now could be triggered during geopolitical conflict.