VOLTZITE relies heavily on living-off-the-land techniques and hands-on post-compromise activity with the goal of expanding its access from the IT network perimeter into the OT network. The group is believed to have been operating since at least 2021 and has targeted critical infrastructure entities in Guam, the United States, and other countries, with a focus on electric utilities. The group has also targeted organizations in the fields of cybersecurity research, technology, the defense industrial base, banking, satellite services, telecommunications, and education.
“Dragos’s analysis of VOLTZITE operations underscores the need for continued vigilance among organizations operating in the global electric sector, as the observed activity suggests continued and specific interest in these networks,” Dragos said in its report. “Further, VOLTZITE’s actions involving prolonged surveillance and data gathering align with Volt Typhoon’s assessed objectives of reconnaissance and gaining geopolitical advantage in the Asia-Pacific region.”
Another new group, GANANITE, is focused on cyberespionage and data theft. The group’s targets have primarily been critical infrastructure and government organizations in Central Asia and countries of the Commonwealth of Independent States (CIS). GANANITE is known for using publicly available proof-of-concept exploits to compromise internet-exposed endpoints and for its use of several remote access trojans, including Stink Rat, LodaRAT, WarzoneRAT, and JLORAT. The latter has previously been associated with activity by a known APT group tracked as Turla, which is believed to be associated with the Russian internal security service, the FSB.
“GANANITE has been observed conducting multiple attacks against key personnel related to ICS operations management in a prominent European oil and gas company, rail organizations in Turkey and Azerbaijan, multiple transportation and logistics companies, an automotive equipment company, and at least one European government entity overseeing public water utilities,” Dragos said.
The third new group, LAURIONITE, has been observed exploiting vulnerabilities in Oracle E-Business Suite iSupplier web services belonging to organizations in the aviation, automotive, manufacturing, and government sectors. Oracle E-Business Suite is a popular enterprise solution for integrated business processes used across many industries. LAURIONITE has not yet been observed attempting to pivot to OT networks, but the potential is there given its targets and the kind of information about suppliers and vendor relationships that Oracle E-Business Suite iSupplier instances might contain.
Ransomware and hacktivism also pose a threat to operational technology
While ransomware groups don’t typically target OT assets directly, industrial organizations that have ransomware incidents on their IT networks might shut down their OT assets as a precaution, resulting in disruptions. According to Dragos’s tracking, the number of ransomware incidents that impacted industrial organizations increased by 50% last year, and over 70% of them impacted manufacturers.