Xenotime, a group of hackers that has previously targeted oil and gas companies, has been targeting the U.S. electric grid in recent months, according to new research released Friday by cybersecurity group Dragos.
Dragos reported that the Xenotime group began “probing” the networks of electric utilities in both the U.S. and countries in the Asia-Pacific region in late 2018.
The report noted that none of the probes resulted in the group gaining access to an electric utility’s system, but wrote that “the persistent attempts, and expansion in scope is cause for definite concern.”
{mosads}Dragos added that while none of the probing has been successful, this type of activity could be evidence of the group preparing for future cyberattacks.
The company recommended that owners and operators of industrial control system companies, including U.S. electric, gas and oil utilities, should prepare for attempts to be hacked by the Xenotime group, and bolster their cybersecurity capabilities in response.
This particular group are the same hackers behind malware known as Trisis that was deployed against a Saudi Arabian oil and gas facility in 2017. Dragos wrote that this attack “targeted safety systems,” and was ultimately intended to “cause loss of life or physical damage.”
Dragos wrote that Xenotime is the only known hacking group to target safety systems of utilities with the intention of destroying or disrupting the company. While the Middle East was the group’s original target, it now operates globally.