
Three new advanced threat groups targeted industrial organizations last year

VOLTZITE relies heavily on living-off-the-land techniques and hands-on post-compromise actions with the goal of expanding its access from the IT network perimeter to the OT network. The group is believed to have been in operation since at least 2021 and has targeted critical infrastructure entities in Guam, the United States, and other countries with a focus on electric companies. The group has also targeted organizations from the fields of cybersecurity research, technology, defense industrial bases, banking, satellite services, telecommunications, and education.

“Dragos’s analysis of VOLTZITE operations underscores the need for ongoing vigilance among organizations operating in the global electric sector, as the observed activity suggests continued and specific interest in these networks,” Dragos said in its report. “Further, VOLTZITE’s actions involving prolonged surveillance and data gathering align with Volt Typhoon’s assessed goals of reconnaissance and gaining geopolitical advantage in the Asia-Pacific region.”

Another new group, GANANITE, is focused on cyberespionage and data theft. The group’s targets have primarily been critical infrastructure and government organizations from Central Asia and countries from the Commonwealth of Independent States (CIS). GANANITE is known for using publicly available proof-of-concept exploits to compromise internet-exposed endpoints and for its use of multiple remote access trojans, including Stink Rat, LodaRAT, WarzoneRAT, and JLORAT. The latter has previously been associated with activity by a known APT group tracked as Turla, which is believed to be associated with the Russian internal security service, the FSB.


“GANANITE has been observed conducting a number of attacks against key personnel related to ICS operations management in a prominent European oil and gas company, rail organizations in Turkey and Azerbaijan, a number of transportation and logistics companies, an automotive equipment company, and at least one European government entity overseeing public water utilities,” Dragos said.

The third new group, LAURIONITE, has been observed exploiting vulnerabilities in Oracle E-Business Suite iSupplier web services belonging to organizations from the aviation, automotive, manufacturing, and government sectors. Oracle E-Business Suite is a popular enterprise solution for integrated business processes used across many industries. LAURIONITE has not been observed attempting to pivot to OT networks yet, but the potential is there given its targets and the type of information about suppliers and vendor relationships that Oracle E-Business Suite iSupplier instances might contain.

Ransomware and hacktivism also pose a threat to operational technology

While ransomware groups don’t typically target OT assets directly, industrial organizations that have ransomware incidents on their IT networks might shut down their OT assets as a precautionary measure, leading to disruptions. According to Dragos’s tracking, the number of ransomware incidents that impacted industrial organizations increased by 50% last year and over 70% impacted manufacturers.
