
Russian Threat Group Z-Pentest Targets Energy Systems – New Target Identified

A new Russia-linked threat group, known as Z-Pentest, has emerged in the cybersecurity landscape, targeting critical infrastructure environments and disrupting system controls. Despite being operational for only two months, the group has already claimed responsibility for at least 10 hacks on operational technology (OT) control panels. One of their recent unverified claims involves the disruption of a U.S. oil well system, raising concerns about the impact of their activities on essential services.

In addition to Z-Pentest, the Cyble blog post also shed light on the People’s Cyber Army, an older Russian threat group that has been actively targeting U.S. water systems, with at least eight reported breaches this year. Both groups justify their cyberattacks by citing support for Ukraine and have expanded their operations to countries like Canada, Australia, France, South Korea, Taiwan, Italy, Romania, Germany, and Poland.

The actions of these two threat groups underscore the vulnerable state of U.S. critical infrastructure, which has also been targeted by other nation-state actors like China. The trend raises growing concern about the security and resilience of essential services and points to the need for enhanced cybersecurity measures to protect critical infrastructure from malicious actors.

Z-Pentest and the People’s Cyber Army have demonstrated a flair for the dramatic, often posting videos of their exploits online. The Cyber Army of Russia, for example, shared screen recordings of members tampering with operational controls after breaching water systems in Texas and Delaware. These visuals serve to showcase the extent of their capabilities and the potential impact of their actions on crucial systems.

While Z-Pentest is a relatively new player in the cybersecurity arena, the group has already made significant waves with their exploits. In just two months of operation, they have claimed 10 breaches of process control panels, each accompanied by videos showing members manipulating system settings. Their recent claims of disrupting critical systems at an oil well site highlight the growing sophistication and audacity of threat actors in targeting essential infrastructure.

Cyble researchers have raised concerns about the potential damage that hackers could inflict on critical infrastructure environments. While programmable logic controllers (PLCs) have safety features to prevent malicious actions, the accessibility of these environments to threat actors remains a significant concern. The increase in threat activity targeting the energy sector, as well as the proliferation of ransomware attacks and zero-day vulnerabilities on the dark web, further emphasizes the need for robust cybersecurity measures to safeguard critical systems.

In light of these developments, Cyble has recommended security measures for operational technology and critical infrastructure environments to mitigate risks. As these sectors cannot afford downtime and often rely on end-of-life devices that cannot be easily patched, proactive monitoring and defense strategies are essential to protecting these services from cyber threats.

Overall, the emergence of Z-Pentest and the continued activities of threat groups like the People’s Cyber Army underscore the evolving threat landscape facing critical infrastructure. As these actors demonstrate increased capabilities and boldness in their cyberattacks, it is crucial for organizations and governments to strengthen their cybersecurity defenses to protect vital systems and services from potentially catastrophic disruptions.
