Pierluigi Paganini May 07, 2025

CISA, FBI, EPA, and DoE warn of cyberattacks on the U.S. Energy sector carried out by unsophisticated cyber actors targeting ICS/SCADA systems.

The US cybersecurity agency CISA, the FBI, EPA, and the DoE issued a joint alert to warn of cyberattacks targeting US-based organizations in the oil and natural gas sector.

Unsophisticated threat actors are targeting ICS/SCADA systems in U.S. energy and transport sectors, exploiting poor cyber hygiene to cause major disruptions.

The researchers observed that attackers are using “basic and elementary intrusion techniques.”

“CISA is increasingly aware of unsophisticated cyber actor(s) targeting ICS/SCADA systems within U.S. critical Infrastructure sectors (Oil and Natural Gas), specifically in Energy and Transportation Systems.” reads the alert. “Although these activities often include basic and elementary intrusion techniques, the presence of poor cyber hygiene and exposed assets can escalate these threats, leading to significant consequences such as defacement, configuration changes, operational disruptions and, in severe cases, physical damage. “

The US agencies urges Critical Infrastructure Asset Owners and Operators to review the fact sheet “Primary Mitigations to Reduce Cyber Threats to Operational Technology” to reduce the risk of potential intrusions.

Critical infrastructure operators should: remove OT from public internet; change default passwords; secure remote access with VPN and MFA; segment IT/OT networks; and ensure manual OT operation capability. These steps help counter simple yet scalable OT cyber threats and reduce risks of disruptions, damage, and system compromise due to poor cyber hygiene and exposure.

US CISA warns that misconfigurations may be introduced during standard operations, by the system integrator, by a managed service provider, or as part of the default product configuration by the system manufacturer. Government experts recommend working with the relevant groups to address these issues to prevent the accidental introduction of vulnerabilities in critical infrastructure.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, U.S. Energy sector)