Introduction
Defender’s Guide to the Current Threat Landscape
Adversaries Targeting OT: Awareness Over Sophistication
Defender Progress: Incremental But Uneven
OT-Centric Cyber Operations Increase as Geopolitical Tension and Conflicts Continue
The Ukraine-Russian Conflict Fuels Activity for Established Dragos Threat Groups
KAMACITE Technical Update
KAMACITE Campaigns
ELECTRUM Technical Update
ELECTRUM Campaigns
Geopolitical Tensions in Asia Facilitate Further VOLTZITE Activity
VOLTZITE Technical Update
VOLTZITE Campaigns
Ivanti VPN Zero-Day Campaign (December 2023)
Telecom and EMS Campaign (January 2024)
ISP and Telecommunications Campaign (August 2024)
JDY Botnet (Late 2024)
Dragos Identifies Two New Threat Groups in 2024
Introducing GRAPHITE
GRAPHITE Campaigns
Introducing BAUXITE
BAUXITE Campaigns
An ICS Malware Definition
ICS Malware Definition
Three Properties of ICS Malware
ICS-Capable
Designed with Malicious Intent
The Ability for Adverse Effects on OT Environments
What Does the ICS Malware Definition Mean for Asset Owners?
Hacktivists Continue to Wave Their Flags in Support of Certain Geopolitical Conflicts
Hacktivists Claim Impacts to Critical Infrastructure