The infamous XENOTIME hacking group has expanded its targeting beyond oil and gas to the electric utility sector. XENOTIME is the threat actor group responsible for the TRITON malware, which is capable of causing physical damage and inadvertently shutting down operations.
The XENOTIME group used to focus on oil and gas related industries; starting in late 2018, the group expanded its targets to electric utility organizations in the U.S. and elsewhere.
“Dragos identified a persistent pattern of activity attempting to gather information and enumerate network resources associated with U.S. and Asia-Pacific electric utilities.”
The initial stages of infection start with reconnaissance and initial access operations, followed by login attempts with credentials, either through a possible credential “stuffing” method or using stolen usernames and passwords.