OT/ICS Cybersecurity Report: 8th Annual Year in Review, 2025

CONTENTS

Introduction ..... 4
Defenders Guide to the Current Threat Landscape ..... 7
Adversaries Targeting OT: Awareness Over Sophistication ..... 7
Defender Progress: Incremental But Uneven ..... 7
OT-Centric Cyber Operations Increase as Geopolitical Tension and Conflicts Continue ..... 9
The Ukraine-Russian Conflict Fuels Activity for Established Dragos Threat Groups ..... 9
KAMACITE Technical Update ..... 10
KAMACITE Campaigns ..... 10
ELECTRUM Technical Update ..... 12
ELECTRUM Campaigns ..... 13
Geopolitical Tensions in Asia Facilitate Further VOLTZITE Activity ..... 14
VOLTZITE Technical Update ..... 14
VOLTZITE Campaigns ..... 16
Ivanti VPN Zero-Day Campaign (December 2023) ..... 16
Telecom and EMS Campaign (January 2024) ..... 16
ISP and Telecommunications Campaign (August 2024) ..... 16
JDY Botnet (Late 2024) ..... 17
Dragos Identifies Two New Threat Groups in 2024 ..... 18
Introducing GRAPHITE ..... 19
GRAPHITE Campaigns ..... 20
Introducing BAUXITE ..... 22
BAUXITE Campaigns ..... 23
Unitronics Campaign (November 2023 - January 2024) ..... 23
Sophos Firewall Attack (April 2024 - May 2024) ..... 24
Reconnaissance Scanning Campaign (June 2024 - July 2024) ..... 25
IOControl Campaign (Late 2023 - 2024) ..... 26
ICS-Focused Malware Increasingly Used as a Tool in Conflict-Driven Campaigns ..... 27
BlackJack Claims Disruption of Industrial Sensors in Moscow ..... 27
The Fuxnet Malware ..... 28
Lessons from Fuxnet ..... 29
FrostyGoop Malware Impacts Heating in Ukraine ..... 29
The FrostyGoop Malware ..... 30
Lessons from FrostyGoop ..... 30
An ICS Malware Definition ..... 32
ICS Malware Definition ..... 32
Three Properties of ICS Malware ..... 32
ICS-Capable ..... 32
Designed with Malicious Intent ..... 32
The Ability for Adverse Effects on OT Environments ..... 33
What Does the ICS Malware Definition Mean for Asset Owners? ..... 34
Hacktivists Continue to Wave Their Flags in Support of Certain Geopolitical C