Dragos Identifies Three New Threat Groups as OT Cyberattacks Escalate
Event summary
- Dragos identified three new threat groups (AZURITE, PYROXENE, SYLVANITE) targeting critical infrastructure globally.
- Adversaries progressed from reconnaissance to operational disruption, with ransomware attacks surging 49% year-over-year.
- ELECTRUM targeted distributed energy systems in Poland, while KAMACITE mapped control loops across U.S. infrastructure.
- VOLTZITE was elevated to Stage 2 of the ICS Cyber Kill Chain, manipulating engineering workstation software.
- Dragos tracked 119 ransomware groups impacting 3,300 organizations in 2025, with manufacturing accounting for two-thirds of victims.
The big picture
Dragos' report highlights a significant escalation in cyber threats targeting industrial and critical infrastructure, with adversaries advancing from isolated device targeting to mapping entire industrial control systems. The surge in ransomware attacks and the identification of new threat groups underscore the growing sophistication and coordination among cyber adversaries. This trend necessitates a stronger focus on OT-specific cybersecurity measures to prevent operational disruptions and ensure the resilience of critical infrastructure.
What we're watching
- Threat Evolution
  - How the maturation of adversary operations will impact industrial cybersecurity strategies.
- Ransomware Impact
  - Whether industrial organizations can reduce the average dwell time of ransomware in OT environments.
- Defensive Gains
  - The pace at which organizations adopt comprehensive OT visibility to mitigate future cyber threats.
