New research highlights escalating cyberthreats to global energy sector
Resecurity’s latest report documents the growing scale of cyberattacks against global energy infrastructure, driven by a mix of nation-state, ransomware, and hacktivist actors.
Resecurity has published new research examining recent cyber threat activity targeting energy infrastructure across North America, Asia, and the European Union. The report, a continuation of Resecurity’s earlier analysis, focuses on incidents involving energy firms, including nuclear facilities and associated research entities.
According to the findings, these organisations are being targeted by various threat actors, including hacktivist groups, ransomware operators, and nation-state entities. The report observes that geopolitical tensions remain a significant factor behind many of these activities, with actors associated with China, Iran, North Korea, and Russia among those identified.
The primary focus of these campaigns has been cyber-espionage, although incidents involving ransomware operations against operational technology (OT) systems have also been reported. The convergence of IT and OT systems, the growing use of cloud technologies, and the increased deployment of Industrial Internet of Things (IIoT) devices are noted as factors contributing to the expanded attack surface within the sector.
Resecurity’s HUNTER unit documented various threat actors targeting critical infrastructure. The report emphasises the need for energy firms to monitor potential exposure of credentials across dark web platforms, particularly due to vulnerabilities within IT and software supply chains.
Technological developments such as AI adoption within the energy sector are also discussed as contributing to the evolving threat landscape. AI is reported to lower entry barriers for certain types of cyber operations, while its integration into critical infrastructure networks introduces additional risks.
The Resecurity analysis also underscores the role of cyber supply chain risks, citing the MOVEit managed file transfer breach as an example of downstream impacts affecting multiple layers of vendors and service providers.
In response to these developments, the US Department of Energy (DOE), alongside the National Association of Regulatory Utility Commissioners (NARUC), issued updated cybersecurity guidelines in 2024 aimed at strengthening the resilience of electric distribution systems and distributed energy resources.
Overall, the research identifies an increase in cyberattacks targeting energy infrastructure globally, suggesting that some of these activities may be linked to broader geopolitical strategies. The report highlights the involvement of both state-sponsored and criminal actors in shaping this threat environment.