State-linked threat groups collaborating with hacktivists, other actors to target infrastructure


Critical infrastructure providers are under threat of more frequent and sophisticated attacks as state-linked threat groups increasingly collaborate with non-state actors to launch attacks against key sectors, according to a report released Tuesday by Dragos, a firm that provides industrial cyber services.

State-supported threat groups are sharing intelligence and infrastructure with other hackers to help them launch attacks against industrial sectors. Those attacks serve the objectives of rogue nations while giving them the cover of deniability, according to Dragos.

“And so the top concern for most people in a lot of the governments I talk to is the proliferation of knowledge and capabilities from state actors to non-state actors,” Dragos CEO Rob Lee said on a conference call with journalists last week. 

Lee warned that non-state actors tend to engage in more opportunistic attacks, but if state actors can transfer much of their knowledge and capabilities to hacktivists and other groups, then there will be more widespread and damaging attacks against important infrastructure providers. 

The report comes at a critical period in the U.S., as state-linked threat groups, hacktivists and financially-motivated threat groups have increasingly targeted key industries in the U.S. 

Volt Typhoon, a China-linked threat group, was the subject of a stark FBI warning last year. The bureau said the threat group was targeting critical infrastructure in the U.S. for diversionary attacks in advance of potential military conflict in the Asia-Pacific region. 

Dragos said Volt Typhoon, which overlaps with a group that it calls Voltzite, has conducted sophisticated research on very specific and targeted infrastructure sites that would not be considered an obvious target. 

“They didn’t just go after the biggest – they went after some very small and strategic sites,” Lee said during the presentation. 

The threat group was also engaging in activity beyond IT network intrusions and stealing passwords; they were targeting very specific, critical information, including geographic information system data, screenshots of machine interfaces and other data that might fall under the radar.

Other hacktivist groups, linked to Iran’s Islamic Revolutionary Guard Corps, have targeted drinking water and wastewater treatment plants and other critical systems in the U.S.


