Pierluigi Paganini
April 16, 2025
Resecurity warns about the increase in targeted cyberattacks against enterprises in the energy sector worldwide.
Some of these attacks represent much larger campaigns designed to target country-level infrastructure, acting as tools for geopolitical influence. It is expected that nation-state actors and foreign intelligence will leverage this approach as a new generation of warfare in the future, where the role of cybercriminal actors may be significant, enabling further cyberattacks and providing infrastructure and resources to conduct offensive cyber operations.
North American Electric Reliability Corporation (NERC), a non-profit international regulatory authority that enforces industry standards in the U.S. and Canada, warned last year that American power grids are becoming increasingly vulnerable to cyberattacks. According to NERC, the number of susceptible points in electrical networks is growing by about 60 per day. In response to these growing threats, the U.S. Department of Energy (DOE) issued new cybersecurity guidelines for electric distribution systems and distributed energy resources (DER). These guidelines, developed in collaboration with the National Association of Regulatory Utility Commissioners (NARUC), aim to provide a common framework for reducing risk and improving the cyber resilience of critical infrastructure.
According to cybersecurity experts, hacktivism is another prevailing threat targeting energy firms, with ideologically motivated adversaries linked to Russia-Ukraine and various Gaza-nexus adversary groups attempting to build credibility by publicizing alleged compromises of various victims’ OT networks. Most concerning, nation-state espionage actors linked to China, Iran, and North Korea have also increasingly been observed targeting the energy sector, including nuclear facility personnel.
These cyber-espionage campaigns are primarily driven by geopolitical considerations, as tensions shaped by the Russo-Ukraine war, the Gaza conflict, and the U.S.’ “great power struggle” with China are projected into cyberspace. With hostilities rising, potentially edging toward a third world war, rival nations are attempting to demonstrate their cyber-military capabilities by penetrating Western and Western-allied critical infrastructure networks. Fortunately, these nation-state campaigns have overwhelmingly been limited to espionage, as opposed to Stuxnet-style attacks intended to cause harm in the physical realm.
A secondary driver of increasing cyberattacks against energy targets is technological transformation, marked by cloud adoption, which has largely mediated the growing convergence of IT and OT networks. OT-IT convergence across critical infrastructure sectors has thus made networked industrial Internet of Things (IIoT) appliances and systems more penetrable to threat actors. Specifically, researchers have observed that adversaries are using compromised IT environments as staging points to move laterally into OT networks.
Compromising OT can be particularly lucrative for ransomware actors, because this type of attack enables adversaries to physically paralyze energy production operations, empowering them with the leverage needed to command higher ransom sums. In cyber-military or cyber-terroristic scenarios, however, the sabotage of OT systems can be catastrophic for physical environments and human life.
Another technological trend that has transformed the threat environment for energy firms is rapidly advancing AI adoption. Not only has AI lowered the barriers to entry for certain types of attack campaigns, but the growing integration of AI with energy sector networks has introduced a maelstrom of new cyber-risk scenarios.
The threat intelligence report presents findings collected by Resecurity’s HUNTER threat intelligence unit in order of ransomware-related incidents, access brokers, hacktivist leaks, and breaches specifically targeting the nuclear energy sector.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, energy)
