VOLTZITE relies heavily on living-off-the-land techniques and hands-on post-compromise actions with the goal of expanding its access from the IT network perimeter into the OT network. The group is believed to have been operating since at least 2021 and has targeted critical infrastructure entities in Guam, the US, and other countries, with a focus on electric companies. The group has also targeted organizations in the fields of cybersecurity research, technology, the defense industrial base, banking, satellite services, telecommunications, and education.
“Dragos’s analysis of VOLTZITE operations underscores the need for ongoing vigilance among organizations operating in the global electric sector, as the observed activity suggests continued and specific interest in these networks,” Dragos said in its report. “Further, VOLTZITE’s actions involving prolonged surveillance and data gathering align with Volt Typhoon’s assessed objectives of reconnaissance and gaining geopolitical advantage in the Asia-Pacific region.”
Another new group, GANANITE, is focused on cyberespionage and data theft. The group’s targets have primarily been critical infrastructure and government organizations from Central Asia and countries of the Commonwealth of Independent States (CIS). GANANITE is known for using publicly available proof-of-concept exploits to compromise internet-exposed endpoints and for its use of several remote access trojans, including Stink RAT, LodaRAT, WarzoneRAT, and JLORAT. The latter has previously been associated with activity by a known APT group tracked as Turla, which is believed to be linked to the Russian internal security service, the FSB.
“GANANITE has been observed conducting several attacks against key personnel related to ICS operations management at a prominent European oil and gas company, rail organizations in Turkey and Azerbaijan, several transportation and logistics companies, an automotive equipment company, and at least one European government entity overseeing public water utilities,” Dragos said.
The third new group, LAURIONITE, has been observed exploiting vulnerabilities in Oracle E-Business Suite iSupplier web services belonging to organizations from the aviation, automotive, manufacturing, and government sectors. Oracle E-Business Suite is a popular enterprise solution for integrated business processes used across many industries. LAURIONITE has not yet been observed attempting to pivot to OT networks, but the potential is there given its targets and the kind of information about suppliers and vendor relationships that Oracle E-Business Suite iSupplier instances might contain.
Ransomware and hacktivism also pose a threat to operational technology
While ransomware groups don’t typically target OT assets directly, industrial organizations that suffer ransomware incidents on their IT networks might shut down their OT assets as a precaution, leading to disruptions. According to Dragos’s tracking, the number of ransomware incidents that impacted industrial organizations increased by 50% last year, and over 70% of them impacted manufacturers.