Xenotime: A recent report from the Electric Information Sharing and Analysis Center (E-ISAC) has indicated a recent spike in scanning activity at 20 different electrical utilities in the United States. Scanning activity itself is not uncommon by any means, nor does it pose a serious threat to day to day functions. This scanning activity though has been tracked back to the group Xenotime, who is responsible for the well-known Triton malware. At this time, there is no evidence that any systems at any of the targeted sites have been compromised in any way, that fact has not given security personnel any comfort though, considering Xenotime’s abilities and the damage caused by their attacks on safety systems at a Saudi chemical plant in 2017–an attack which earned Triton the title of “world’s most murderous malware” because of the massive destruction that was possible by the attack. This report comes around the same time as a New York Times report claiming that the U.S. was attacking the Russian power grid, and some questions have been raised about the cause of a power outage in South America which left 44 million without power.
Analyst Notes
Threat Actors from around the world have interest in taking down power grids in various nations for one reason or another, and it is unlikely that probing and targeting activity will end anytime soon, especially with the state of international affairs.
