8th Annual Year in Review Names Two New OT Cyber Threat Groups, Ongoing Infiltration by VOLTZITE, and Global Threat from FrostyGoop Malware
HANOVER, Md.: Dragos, Inc., the global leader in cybersecurity for operational technology (OT) environments, today released the Dragos 2025 OT/ICS Cybersecurity Report, our 8th Annual Year in Review, the industry’s most comprehensive report on cyber threats facing industrial organizations. The report detailed two new OT cyber threat groups, reported a surge in ransomware activity of more than 87% over last year, and described the emergence of new malware families designed specifically for OT environments.
“This year’s report demonstrates two important trends: that OT has become a mainstream target, and that even advanced cyber operations are employing unsophisticated tactics to compromise and disrupt critical infrastructure,” said Robert M. Lee, Co-founder and CEO of Dragos. “Skilled adversaries from state-sponsored groups are hiding in critical infrastructure and hacktivists and criminal groups are increasingly using ransomware and exploiting known vulnerabilities, weak remote access configurations, and exposed OT assets to penetrate industrial environments. Meanwhile lack of visibility into OT conceals the full scope of these attacks.”
“However, it’s important to recognize the progress made by OT defenders,” Lee added. “We’ve seen organizations implement stronger network segmentation, improve visibility into their OT environments, and develop more robust incident response capabilities. These proactive measures are making it harder for adversaries to operate undetected and are key to the long-term resilience of industrial cybersecurity.”
Details of the Dragos 2025 OT/ICS Cybersecurity Report:
Dragos identified two new OT Cyber Threat Groups—GRAPHITE and BAUXITE.
With these additions, Dragos analysts now track 23 Threat Groups worldwide, 9 of which were active in OT operations in 2024.
Dragos Identified Two New ICS-Focused Malware Threats—Fuxnet and FrostyGoop.
The development of new malware strains specifically targeting industrial control systems (ICS) underscores an increasing adversarial focus on disrupting industrial operations.
Updated Threat Group Activity:
Other Key Findings:
It's Time to Hunt: Enhancing Industrial Cybersecurity Resilience
Adversaries have evolved, leveraging increasingly sophisticated attack methods to infiltrate industrial environments. The data from this year’s report is clear: organizations that take proactive security measures experience shorter recovery times, reduced financial losses, and minimized operational disruptions. Threat hunting is no longer an option—it is a necessity.
Industrial organizations must move beyond reactive security measures and embrace threat hunting as a fundamental defense strategy. Attackers are exploiting known vulnerabilities, remote access weaknesses, and supply chain gaps at an accelerating rate. Organizations that proactively search for threats and adversarial activity within their environments gain a crucial advantage in preventing attacks before they escalate.
ICS defenders must be relentless. Attackers like VOLTZITE are already inside networks, and the ability to hunt them down before they cause damage is the next evolution of industrial cybersecurity. Now, more than ever, it’s time to hunt.
YIR Report and Resources:
The 2024 Dragos OT Cybersecurity Year in Review is an annual overview and analysis of OT-focused global threat activities, vulnerabilities, and industry insights and trends. The full report can be downloaded here.
To attend the virtual 2025 OT/ICS Cybersecurity Executive Briefing featuring the report with Dragos CEO and Co-founder Robert M. Lee, register here.
About Dragos, Inc.
Dragos provides the most effective OT cybersecurity technology for industrial and critical infrastructure to deliver on our global mission: to safeguard civilization. After nearly a decade of real-world experience handling landmark attacks on OT networks, Dragos understands the complexity and risks of industrial environments, which operate on massive scale with unique systems and exacting availability requirements and are not protected by IT cybersecurity.
The Dragos Platform provides visibility and monitoring of OT environments for asset identification, vulnerability management, and threat detection with continuous insights generated by the industry’s most experienced OT threat intelligence and services team. It discovers and monitors OT, IT, IoT, and IIoT assets within the OT environment and integrates with IT security infrastructure. Dragos protects customers across a range of industrial sectors including electric, oil & gas, manufacturing, water, transportation, mining, and government. Dragos is privately held and headquartered in the Washington, DC area with presence around the world and offices in North America, EMEA, and APAC.
Source: Business Wire