OT SECURITY HUB
by zuckergates
// MODULE · THREAT INTELLIGENCE

Threat actors & ICS malware — interactive intel

54 APT, cybercrime and hacktivist groups and 55 malware families relevant to OT/ICS. Filter, search, and pin the ones relevant to your environment.

54 actors (31 nation state, 15 cybercrime, 5 hacktivist)
55 malware families (17 ICS-specific)

RansomHub

3 incidents
Russia/CIS · active 2024–present
Cybercrime

Dominant RaaS of 2024–2025 that took in many former ALPHV affiliates.

Targets: Manufacturing, Healthcare, Oil & Gas
Malware: RansomHub locker

Handala

Iran-aligned · active 2024–present
Hacktivist

Iran-linked wiper operation with aggressive public claims.

Targets: Israel Telecom, Energy, Defense
Malware: Handala wiper

BlackJack

1 incident
Ukraine (suspected) · active 2023–present
Hacktivist

Ukrainian hacktivists who released the FuxNet sensor wiper.

Targets: Russia Utilities, Telecom
Malware: FuxNet

Voltzite

China · active 2023–present
Nation State

Dragos cluster for Chinese pre-positioning operations in US utilities.

aka: Volt Typhoon overlap
Targets: US Electric, Water, Telecom
Malware: LotL

Gananite

Unknown · active 2023–present
Nation State

New Dragos cluster in the critical national infrastructure sector.

Targets: National CI, Defense
Malware: Custom backdoor

Laurionite

Unknown · active 2023–present
Cybercrime

Operator conducting mass scanning of Oracle EBS to pivot into OT/ERP.

Targets: Oracle E-Business, Manufacturing
Malware: Web exploit toolkit

Bauxite

Iran (IRGC) · active 2023–present
State-Sponsored

Dragos cluster for Iran-linked operations against small US/Israeli utilities.

aka: CyberAv3ngers overlap
Targets: Water, Wastewater, Energy
Malware: IOControl

Hunters International

Unknown · active 2023–present
Cybercrime

Suspected rebrand of Hive ransomware.

Targets: Manufacturing, Auto, Healthcare
Malware: Hive code reuse

Akira Group

Russia/CIS · active 2023–present
Cybercrime

Most active operator attacking VPNs without MFA and ESXi hosts.

aka: Storm-1567
Targets: Manufacturing, Education, Utilities
Malware: Akira locker (C++/Rust)

DragonForce

Malaysia/Russia mix · active 2023–present
Cybercrime

RaaS used by Scattered Spider and Asian affiliates.

Targets: Manufacturing, Government, Healthcare
Malware: DragonForce locker (LockBit fork)

DarkBit

Iran-linked · active 2023–present
Hacktivist

Ransom-themed wiper attacking Israel.

Targets: Israel academia, Manufacturing
Malware: DarkBit locker

Twelve

Ukraine-aligned · active 2023–present
Hacktivist

Ukrainian hacktivists combining ransomware and wipers.

Targets: Russia Manufacturing, Government
Malware: LockBit + wipers

Chernovite

1 incident
Unknown (state-grade) · active 2022–present
Nation State

Developer of the most sophisticated publicly known modular ICS malware framework.

Targets: Multi-industry OT
Malware: Pipedream/Incontroller

GraphSteel

Russia · active 2022–present
Nation State

Initial access broker for Sandworm operations in Ukraine.

Targets: Government Ukraine, Energy
Malware: GraphSteel, GrimPlant

Erbium

CIS · active 2022–present
Cybercrime

Commodity stealer frequently found prior to OT ransomware deployment.

Targets: Manufacturing, Logistics
Malware: Erbium stealer

Velvet Ant

China · active 2022–present
Nation State

Operator hiding in unmonitored network appliances (F5, NAS).

Targets: Financial, Manufacturing
Malware: PlugX legacy

RedFly

1 incident
China · active 2022–present
Nation State

Operator that hid for 6 months inside an Asian national power grid operator.

Targets: National Grid Asia
Malware: ShadowPad

PLAY

Russia/CIS · active 2022–present
Cybercrime

Big-game-hunting ransomware operator active in the European industrial sector.

aka: PlayCrypt
Targets: Manufacturing, Government, Energy
Malware: PlayCrypt

8Base

Unknown · active 2022–present
Cybercrime

RaaS focused on SMBs and mid-sized OT suppliers.

Targets: SMB Manufacturing, Logistics
Malware: Phobos variant

Qilin

1 incident
Russia/CIS · active 2022–present
Cybercrime

Rust-based RaaS with strong affiliates in critical sectors.

aka: Agenda
Targets: Healthcare, Manufacturing, Energy
Malware: Qilin Rust locker

Scattered Spider

7 incidents
USA/UK · active 2022–present
Cybercrime

Native-English-speaking operators skilled in vishing and SIM swapping for initial access.

aka: UNC3944, Octo Tempest
Targets: Tech, Insurance, Manufacturing, Casino
Malware: BlackCat, RansomHub, DragonForce

Kapeka Operators

Russia (Sandworm overlap) · active 2022–present
Nation State

Sandworm-linked backdoor discovered by WithSecure in 2024.

Targets: EU Energy, Logistics
Malware: Kapeka backdoor

Volt Typhoon

1 incident
China (PLA) · active 2021–present
Nation State

Pre-positioning for potential conflict; very stealthy with minimal custom tooling.

aka: Vanguard Panda
Targets: Critical Infrastructure US, Telecom, Water, Energy
Malware: LotL only

LAPSUS$

Brazil/UK · active 2021–2023
Cybercrime

Young extortion group relying on massive social engineering.

Targets: Tech, Telecom, Manufacturing
Malware: Stealer commodity

Predatory Sparrow

4 incidents
Israel-aligned (suspected) · active 2021–present
Hacktivist

Sophisticated hacktivists attacking Iranian infrastructure, announced with video teasers.

aka: Gonjeshke Darande
Targets: Iran Steel, Iran Rail, Iran Fuel
Malware: Custom wiper

Flax Typhoon

China · active 2021–present
Nation State

Chinese living-off-the-land operator using SoftEther VPN for persistence.

aka: Ethereal Panda
Targets: Government, Manufacturing Taiwan, Education
Malware: LotL, SoftEther VPN

Medusa

Unknown · active 2021–present
Cybercrime

RaaS active in manufacturing and the public sector in 2023–2024.

Targets: Manufacturing, Education, Government
Malware: MedusaLocker variant

Erythrite

Unknown · active 2020–present
Cybercrime

Initial access via SEO poisoning, sold on to ransomware operators.

Targets: Manufacturing, Logistics
Malware: SEO poisoning loader

CyberAv3ngers

3 incidents
Iran · active 2020–present
State-Sponsored

Attacks PLCs with default passwords in the Israeli/US water and manufacturing sectors.

aka: IRGC-linked
Targets: Water, Manufacturing
Malware: IOControl

Salt Typhoon

1 incident
China · active 2020–present
Nation State

US telecom espionage infiltrating major carriers to abuse lawful-intercept systems.

aka: Ghost Emperor, Earth Estries
Targets: Telecom, ISP, Government
Malware: Demodex rootkit, SparrowDoor

ToddyCat

China (suspected) · active 2020–present
Nation State

Asian espionage APT with an original toolset.

Targets: Government Asia, Telecom
Malware: Samurai backdoor, Ninja agent

Agonizing Serpens

Iran · active 2020–present
Nation State

Wiper-heavy Iranian operator targeting Israeli entities.

aka: Pink Sandstorm
Targets: Israel Education, Tech, Manufacturing
Malware: Multiple wipers

Earth Lusca

China · active 2019–present
Nation State

Multi-sector Chinese operator, including supply chain operations.

Targets: Government, Education, Gaming
Malware: Cobalt Strike, Doraemon

Scarred Manticore

Iran (MOIS) · active 2019–present
Nation State

Iranian MOIS operator that is highly persistent and stealthy.

aka: Storm-0861
Targets: Government ME, Telecom, Finance
Malware: LIONTAIL

Wassonite

1 incident
DPRK · active 2018–present
Nation State

Espionage operations against nuclear and energy facilities.

Targets: Nuclear, Energy, Aerospace
Malware: DTrack

Hexane

Iran (suspected) · active 2018–present
Nation State

Telecom and oil & gas espionage with a Middle East geopolitical focus.

aka: Lyceum, Spirlin
Targets: Oil & Gas, Telecom
Malware: Shark, Milan

FIN12

Russia/CIS · active 2018–present
Cybercrime

Ransomware operator focused on high-value targets.

Targets: Healthcare, Manufacturing
Malware: Ryuk, Conti

Covellite

DPRK · active 2017–2020
Nation State

Lazarus sub-group focused on US and European electric utilities.

aka: Lazarus subset
Targets: Electric Utilities
Malware: Custom RAT

MuddyWater

Iran (MOIS) · active 2017–present
Nation State

Iranian living-off-the-land operations against the regional public sector.

aka: Static Kitten, Mercury
Targets: Telecom, Government, Energy ME
Malware: POWERSTATS, SHARPSTATS

Electrum

Russia · active 2016–present
Nation State

Development team that wrote Industroyer and its variants.

Targets: Electric Utility
Malware: Industroyer, Industroyer2

TrickBot Group

Russia · active 2016–present
Cybercrime

Large malware-as-a-service ecosystem.

aka: Wizard Spider
Targets: Manufacturing, Healthcare, Finance
Malware: TrickBot, Ryuk, Conti, BazarLoader

Xenotime

1 incident
Russia (CNIIHM) · active 2014–present
Nation State

The only group publicly known to have attacked a Safety Instrumented System.

aka: TEMP.Veles
Targets: Oil & Gas, Petrochemical, Electric Utility
Malware: Triton/Trisis

Kamacite

Russia · active 2014–present
Nation State

Initial access specialist for other Russian groups' operations in the energy sector.

Targets: Electric Utility, Energy
Malware: BlackEnergy, GreyEnergy

Mustang Panda

China · active 2014–present
Nation State

Intensive regional espionage operations in Southeast Asia.

aka: RedDelta, Bronze President
Targets: Government SE Asia, NGO
Malware: PlugX, Korplug

OilRig

Iran · active 2014–present
Nation State

Iranian APT focused on Gulf oil & gas.

aka: APT34, HelixKitten
Targets: Oil & Gas, Government, Finance
Malware: BONDUPDATER, QUADAGENT

Andariel

DPRK · active 2014–present
Nation State

Lazarus sub-unit focused on defense and energy technology espionage.

aka: Onyx Sleet, Plutonium
Targets: Defense, Energy, Nuclear
Malware: MagicRAT, TigerRAT, Maui ransomware

APT33

2 incidents
Iran · active 2013–present
Nation State

Destructive Shamoon wiper attacks and Gulf petrochemical espionage.

aka: Elfin, Refined Kitten
Targets: Aviation, Petrochemical
Malware: Shamoon, StoneDrill, DropShot

APT41

China · active 2012–present
State-Sponsored

Dual espionage and financially motivated operations; attacks across industries.

aka: Barium, Winnti, Wicked Panda
Targets: Healthcare, Telecom, Manufacturing, Gaming
Malware: ShadowPad, PlugX, Crosswalk

Kimsuky

DPRK · active 2012–present
Nation State

North Korean espionage on Korean Peninsula policy and energy.

aka: Velvet Chollima, Black Banshee
Targets: Government, Think Tank, Energy
Malware: BabyShark, AppleSeed

Sandworm

9 incidents
Russia (GRU 74455) · active 2009–present
Nation State

Russian GRU offensive unit most actively attacking critical infrastructure worldwide.

aka: Voodoo Bear, Iridium, Telebots
Targets: Energy, Government, Media, Telecom
Malware: BlackEnergy, Industroyer, Industroyer2, NotPetya, AcidRain

Lazarus Group

DPRK · active 2009–present
Nation State

Very broad operations, including targeting of nuclear facilities and power grids worldwide.

aka: Hidden Cobra, Zinc
Targets: Finance, Energy, Defense, Crypto
Malware: WannaCry, DTrack, MagicRAT

APT40

China (MSS Hainan) · active 2009–present
Nation State

Maritime and energy technology espionage.

aka: Leviathan, Kryptonite Panda
Targets: Maritime, Energy, Engineering
Malware: BadFlick, FunnyDream

APT28

Russia (GRU 26165) · active 2008–present
Nation State

The other GRU unit besides Sandworm; focused on political and military espionage.

aka: Fancy Bear, Sofacy
Targets: Government, Energy, Defense
Malware: X-Agent, Zebrocy, Drovorub

APT29

Russia (SVR) · active 2008–present
Nation State

Russian SVR; the most successful supply chain operator.

aka: Cozy Bear, NobleBaron
Targets: Government, Tech, Energy
Malware: WellMess, SUNBURST