
Get 24/7 incident response assistance from our global team
- APAC: +65 3159 4398
- EU & NA: +31 20 890 55 59
- MEA: +971 4 540 6400
Discover how Group-IB helps utilities secure the systems millions rely on every day. We bring clarity to complex OT and IT ecosystems, enhance visibility across distributed assets, and deliver intelligence that prevents service disruption and strengthens operational continuity. Your teams gain the insight needed to defend critical infrastructure in an increasingly hostile threat landscape.
Energy and utility operators manage infrastructures where every endpoint, relay, and control system matters. Aging OT and SCADA equipment must coexist with cloud platforms, distributed IoT sensors, and digitized field operations. This, in turn, introduces technical debt and new attack vectors.
Hybrid architectures, industrial IoT expansion, and cloud adoption have widened the attack surface across critical infrastructure. With IT, OT, cloud, and SaaS operating simultaneously, security teams face fragmented visibility, creating blind spots that adversaries routinely exploit to target grid operations.

attacks in MEA, 30 in North America, and 22 in Latin America illustrates the global pressure on energy systems
Group-IB consolidates telemetry from OT security, IT networks, cloud workloads, IoT devices, and SaaS systems into a single intelligence-led view. The Unified Risk Platform and Threat Intelligence correlate signals across your infrastructure, eliminating blind spots and surfacing early indicators of compromise that affect grid operations.

Group-IB Threat Intelligence delivers sector-specific insights into adversaries targeting energy generation, substations, distribution systems, and field operations. You receive timely warnings of actors probing ICS, exploiting cloud pathways, or scanning industrial IoT devices for weaknesses.

With IT, OT, cloud, and energy systems expanding faster than security teams can grow, continuous monitoring becomes essential. CERT-GIB’s threat analysts work around the clock to track anomalies, validate alerts, and investigate suspicious activity across your environment.

Large energy providers manage thousands of IT and OT assets like field sensors, substations, email platforms, and cloud tools. Each device adds complexity, and each system generates alerts. Without AI-driven filtering and intelligent correlation, security teams are overwhelmed by noise. Fatigue grows, genuine signals get missed, and attackers only need one overlooked alert to pivot deeper into critical infrastructure.

connected IoT devices are projected globally by 2030
Group-IB’s Unified Risk Platform applies intelligence-driven correlation to automatically connect related events, enrich them with threat actor data, and surface only what truly matters. Instead of hundreds of disconnected signals, URP presents your analysts with a clear narrative.

Group-IB Threat Intelligence helps utilities reduce alert overload by identifying which threat actors are relevant to their region, sector, and technology stack. Instead of thousands of alerts competing for attention, your SOC sees which ones directly match the tools, infrastructure, and behaviors of adversaries targeting energy providers.

Group-IB’s graph interface gives analysts a visual map that links alerts from OT, IT, SaaS, and cloud systems to real adversaries, their tools, and their infrastructure. Instead of manually stitching logs together, your team sees a clear storyline: who the attacker is, how they operate, and how the alert fits into their kill chain.

Smaller utilities and electric cooperatives face a different kind of pressure: limited security staffing. In many cases, one or two people are responsible for IT, SCADA, SaaS platforms, email security, and day-to-day technical support. With so many hats to wear, time becomes the hardest resource to manage.

of the energy-utility workforce is expected to retire within the next decade
Group-IB’s CERT-GIB analysts provide continuous 24/7 monitoring, delivering the level of operational coverage that smaller utilities and cooperatives cannot sustain internally. Our specialists track global threat activity targeting the energy sector, validate anomalous events, and escalate only those alerts that meet critical risk thresholds.

Group-IB’s Unified Risk Platform automates the time-consuming aspects of incident investigation by correlating logs, identifying patterns, mapping attacker behavior, and pinpointing root causes. Instead of spending hours piecing together alerts from SCADA, email, servers, and cloud tools, your analysts receive a ready-to-act incident storyline.

When incidents do happen, smaller utilities often lack the specialized skills needed to investigate complex intrusions. Group-IB’s Cyber Investigation and Digital Forensics teams step in as your on-demand experts and help recover digital evidence, profile cybercriminals, and guide you through containment and remediation without disrupting essential services.

Energy companies depend on a vast network of technology vendors, maintenance contractors, cloud platforms, equipment manufacturers, and third-party service providers. As OT environments and IT ecosystems converge, even a minor compromise in a supplier’s environment can become a high-impact threat to generation assets.

software companies and 3.5 million developers were impacted when the widely used MOVEit MFT platform suffered a supply chain attack
Group-IB’s Digital Risk Protection provides continuous monitoring of third-party exposure, tracking phishing infrastructure, domain spoofing, credential leaks, and dark-web discussions related to your vendors. This intelligence gives energy providers early visibility into compromised suppliers or partners.

Group-IB’s Managed XDR gives energy providers an immediate detection and response layer across IT and OT. Powered by proprietary Threat Intelligence and guided by 24/7 analysts, it helps you identify and stop supplier-linked threats before they disrupt operations.

Work with our specialists to align your intelligence, monitoring, and response measures with the real threats facing energy and utility operations.
