
New ICS Adversary Group Targeting US Utilities

August 6th 2018
A newly discovered adversarial group has been targeting operations in electrical utilities in the US, according to Dragos. The activity group, dubbed RASPITE, has reportedly been active in some capacity since early to mid-2017.

Dragos has confirmed that RASPITE is now targeting ICS, specifically electric utilities in the US, Europe, Middle East and East Asia. While researchers have confirmed that this new group is targeting electric utilities, there is no current indication the group has the capability of destructive ICS attacks, including widespread blackouts like those in Ukraine.

Analysis of the group’s activity, detailed in a blog post, revealed that the group currently focuses on initial access operations within the electrical utility sector. It gains access to target networks through strategic website compromise. RASPITE also maps to LeafMiner, a group that Symantec recently reported on in the Middle East.

“RASPITE uses the same methodology as DYMALLOY and ALLANITE in embedding a link to a resource to prompt an SMB connection, from which it harvests Windows credentials,” the blog post stated. Deploying install scripts grants them remote access to the victim machine via a malicious service that beacons back to RASPITE-controlled infrastructure.
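A defender can monitor for the behavior described above by flagging TCP SMB connections that leave the internal network, since a workstation has little reason to open port 445 or 139 to an outside host. The following is an added example, not code from Dragos or from the original article; the log format, the internal address ranges and the sample records are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumption: the site's internal address space; adjust to the real network plan.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SMB_PORTS = {139, 445}  # NetBIOS session service and SMB over TCP

# Constructed sample flow records: time, src, dst, proto, dport, action.
# External addresses are taken from the RFC 5737 documentation ranges.
SAMPLE_FLOWS = """\
2024-01-15T09:14:02Z,10.20.1.15,10.20.0.5,tcp,445,allow
2024-01-15T09:14:40Z,10.20.1.15,203.0.113.77,tcp,443,allow
2024-01-15T09:14:41Z,10.20.1.15,203.0.113.77,tcp,445,allow
2024-01-15T09:15:03Z,10.20.3.8,198.51.100.9,tcp,139,deny
2024-01-15T09:15:09Z,10.20.3.8,198.51.100.9,udp,445,deny
2024-01-15T09:16:30Z,192.168.7.4,203.0.113.77,tcp,445,allow
malformed line without enough fields
"""

def is_internal(addr):
    return any(addr in net for net in INTERNAL_NETS)

def find_outbound_smb(log_text):
    """Return {source host: [(time, destination, port, action), ...]} for
    TCP SMB flows that leave the internal address space."""
    hits = defaultdict(list)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 6:
            continue  # skip malformed records instead of aborting the run
        ts, src, dst, proto, dport, action = (f.strip() for f in row)
        try:
            src_ip, dst_ip, port = ip_address(src), ip_address(dst), int(dport)
        except ValueError:
            continue  # unparseable address or port
        if proto.lower() != "tcp" or port not in SMB_PORTS:
            continue
        if is_internal(src_ip) and not is_internal(dst_ip):
            hits[src].append((ts, dst, port, action))
    return dict(hits)

if __name__ == "__main__":
    for host, flows in find_outbound_smb(SAMPLE_FLOWS).items():
        for ts, dst, port, action in flows:
            # "allow" means the authentication attempt may have left the network
            print(f"{ts} {host} -> {dst}:{port} ({action})")
```

Flows recorded as `allow` deserve priority, because the host may already have sent a Windows authentication exchange to the external server; `deny` entries still identify which hosts followed such a link.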

“Dragos caught RASPITE early in its maturity, which is ideal as it allows us to track its behavior and threat progression to help organizations defend against them. RASPITE uses common techniques, which is good because defenders with sufficient monitoring can catch them and mitigate any opportunity for them to get better,” said Sergio Caltagirone, director of threat intelligence, Dragos.

“At this time we are limiting the amount of information in our public reports to avoid the proliferation of ideas or tradecraft to other activity groups. Although Dragos does not conduct country-specific attribution of industrial control threats, generally threats focused on industrial control are state sponsored due to the inherent risk, limited financial gain and potential blowback from the operations.”